Rollback RX™ - The “unOfishul” FAQ

Discussion in 'backup, imaging & disk mgmt' started by TheRollbackFrog, Apr 6, 2015.

  1. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,045
    Location:
    The Pond - USA
    Edited and compiled by: TheRollbackFrog (Member, Wilders Security Forums) on 06Apr2015 (Updated: 18January2016)

    EXECUTIVE SUMMARY: Horizon DataSys’ RollBack Rx™, a comprehensive Windows System Restore solution, is an extremely competent System protection application when all things are operating normally, but in no way is it to be considered a DATA backup solution. Due to its extremely sophisticated operating system integration, some of its DATA protection mechanisms actually may put your DATA at risk, primarily when using incompatible system management applications or while experiencing certain system failure modes.

    The attached document attempts to accurately discuss the incompatible system management functions as well as system failure scenarios that can put your DATA at extreme risk. The main items discussed lie in the areas of disk and partition management, external access of Rollback protected disks and partitions, Microsoft Windows Update management and disk imaging and data backup of protected disks and partitions. Hopefully this paper will assist the user in better understanding the possible vulnerabilities of using RollBack Rx™ within a complete System environment.

    PREFACE: The attached FAQ document below has been collected and created solely by TheRollbackFrog, an at large member of the WILDERS SECURITY FORUMS. Its intent and purpose is to educate users of the Horizon DataSys comprehensive Windows System Restore solution known as RollBack Rx™. RollBack Rx™ is a trademark of Horizon DataSys located in Vancouver, British Columbia in Canada. All information contained in this FAQ was gathered from current and former knowledgeable users of RollBack Rx™. No significant contributions to this document were solicited from or contributed by any employee of Horizon DataSys.

    I would like to thank all those WILDERS SECURITY FORUMS members who provided input for the creation of this document. I sincerely hope its content will assist any current or future user of RollBack Rx™ in understanding the interactive relationship between the application itself and the Microsoft Windows™ Operating System that it supports.

    Please feel free to offer any additional feedback that you feel could strengthen the content of the document and make it even more useful than originally intended... thank you!

    18January2016: Document update includes reference to newly released Rollback RX/Windows 10 Road Map... important in the fact that Rollback RX has become compatible with Windows 10 as of 09October2015. The section on Windows Updates has been changed to reflect the inability of Rollback RX to DEFER or DISABLE Windows updates on Windows 10 HOME systems. These systems are once again vulnerable to certain types of Windows updates.
     

    Attached Files:

    Last edited: Jan 18, 2016
  2. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    Excellent Froggie, very well done. Do you think HDS will permit you to post this on the HDS Rx forum? Also, as I suggested before, is a wiki possible? I think this would help keep the info front and center.
     
  3. Kurtis Smejkal

    Kurtis Smejkal Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    253
    Location:
    Vancouver, BC
    It's possible, we'd have to have development team and tech support look this all over. They need to confirm everything. That said, this is all looking good, and I'll keep everyone updated.
     
    Last edited: Apr 10, 2015
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    Froggie, I was browsing some of the other Rx related threads and noticed the issue with Rx being seen as malware by some rootkit scanners. You might want to include this in your report.
     
  5. StevenG

    StevenG Registered Member

    Joined:
    May 28, 2014
    Posts:
    47
    Froggie-

    Great job.

    I would suggest you add an executive summary since most of the "average" users you are targeting would probably not read this through.

    I would also suggest that the cold raw imaging option be highlighted as a true safety net. I have been using Rollback, ComodoTM, RestoreIT, and GoBack on many business machines since 1998 and the cold raw image always restores everything, even snapshots (or the full GoBack history).

    Regards,
    SteveG
     
  6. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    533
    Location:
    UK
    I used to use it, no problems. The only issue I had was the amount of space it used for a snapshot(s) but I see with all software of its kind its not possible to overcome that.
     
  7. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,045
    Location:
    The Pond - USA
    Thanks, Steve... I'll see what I can come up with.
     
  8. Kurtis Smejkal

    Kurtis Smejkal Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    253
    Location:
    Vancouver, BC
    With recent versions you can automatize the process of deleting and defragmenting the snapshots over a period of time, so it can manage your space to a degree.
     
  9. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,045
    Location:
    The Pond - USA
    Document update: includes... 1. anti-RootKit warnings, 2. Emphasis on COLD RAW imaging for only known successful entire system restoration.

    Working on EXECUTIVE SUMMARY...
     
  10. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,045
    Location:
    The Pond - USA
    Document update: now includes an EXECUTIVE SUMMARY (Thanks, Steven!)
     
  11. Namirda

    Namirda Registered Member

    Joined:
    Apr 10, 2015
    Posts:
    1
    Froggie - great job. There should have been something like this from HDS years ago!

    I am still uncertain about the wisdom/dangers of running CHKDSK on a system with Rollback - is this something that should be mentioned in your FAQ?

    Thanks

    N
     
  12. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,045
    Location:
    The Pond - USA
    Namirda, I'm a little vague on this issue as it's changed through the years. Currently I believe it's run like so... if it's invoked at the OS level to run at the next reBOOT, it runs as a Native App under the protected system. When it runs at that time, the special RBrx drivers are in place so no significant damage will occur from that operation. That said, it it's run from any other environment (winPE, WinRE <Windows Repair mode>, etc.), it most likely will wreck a Rollback protected partition. This very thing happened to RickFromPhila recently here on the Forums.

    Hopefully, someone else will jump in here (Panagiotis, Kurtis... anyone?) and give you an answer that's a little more feelgood than mine. If I can get a knowledgeable answer I'll be happy to add it to the document. This is one of those questions that's been haunting HDS for years and I'm not sure they or anyone else has ever answered it to anyone's satisfaction.
     
  13. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    How does RBRX handle the "scan for and attempt recovery of bad sectors" option in chkdsk?
    Furthermore how does RBRX handle a randomly failed sector on the disk to begin with?
    Or any sort of sector scanner. Because sector 45342 may not actually be 45342.
    How about an in-windows refresher? I see a huge snapshot as a result here.

    Those are questions for HDS.
     
    Last edited: Apr 10, 2015
  14. TheRollbackFrog

    TheRollbackFrog Registered Member

    Joined:
    Mar 1, 2011
    Posts:
    3,045
    Location:
    The Pond - USA
    HDS' very own Sam Smith has stated publicly... "With RollBack XP you can run chkdsk. No worries!" and when asked what version Rollback XP is based on... "It's based on RollBack Rx 10.2"

    That tells me that my original assumption concerning ChkDsk running UNDER the protected OS is most likely correct. My second statement above concerning running ChkDsk OUTSIDE of the protected OS (WinPE, WinRE) has been proven to be true by those that have done it and basically destroyed their system.

    Again... it would be nice if some HDS representative stopped by and gave us the DEFINITIVE statement about ChkDsk running both UNDER and OUTSIDE of the protected OS. If not, I'll hit their Forums and beat it out of them... :D
     
  15. Keatah

    Keatah Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    853
    "Scan for and attempt recovery of bad sectors" also?
     
  16. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    Hi Mr Frog, any word from HDSville on this? Have you posted it on the HDS Rx forum?
     
  17. Kurtis Smejkal

    Kurtis Smejkal Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    253
    Location:
    Vancouver, BC
    Our tech support and development teams are looking it over to make sure it all makes sense, but I know Froggie shouldn't have anything to worry about in this regard. We'll update once we're at a point on whether we publish it or not.
     
  18. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,400
    Location:
    California - USA
    Hi Froggie,

    Your paper is an excellent summary of the risks associated with using Rollback Rx rather than an FAQ, so I would suggest changing the title accordingly!

    Re your statement "...the only known method for completely protecting a Rollback enabled system (including the CURRENT SYSTEM STATE, RollBack Rx™ and all its snapshots) is to perform what’s known as an External COLD Imaging operation of all the disk blocks (used and unused) located on any Rollback protected partition" ...although you do qualify the COLD imaging process to be of 'all disk blocks', I think you should add the common imaging modes typically associated with this imaging method - i.e., 'RAW', 'ALL SECTORS', 'SECTOR BY SECTOR', 'FORENSIC' and 'MAINTENANCE MODE'. As I'm sure you know, I've been using this backup method successfully for nearly a decade. While it works flawlessly to completely and accurately backup an RBrx system (including all snapshots) you should mentioned that the penalties incurred are more time and more storage space required for the resulting image. To complete the topic of backing up an RBrx system you should also discuss HOT imaging, how RBrx v10.x changed that 'ballgame', and the potential capabilities of Drive Cloner v6.

    Finally, an area that was not addressed re potential risks in an RBrx environment is that of malware. In most instances an RBrx user can recover from a malware infection by rolling back to a prior snapshot (before the infection occurred). However, there are types of malware (rootkits) in the wild which can infect the MBR and issue direct writes to disk. To the best of my knowledge RBrx cannot protect against this type of malware and rolling back to a prior snapshot cannot eliminate the infection. Therefore, I believe it is essential to add anti-malware protection to an RBrx system!

    pv
     
    Last edited: Apr 17, 2015
  19. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,130
    Tried to go to the Rx forum to see how Froggies FAQ thread is doing and there is are technical issues and the site is down. Last time I checked there had been a fair number of views but no comments. You would think users of Rx would appreciate knowing this stuff and thank Froggie for his efforts.
     
  20. pvsurfer

    pvsurfer Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    1,400
    Location:
    California - USA
    They are experiencing difficulties. As of yesterday there was no change in the status of Froggie's 'FAQ', it is still on hold, apparently under review by HDS execs. I would really be surprised if HDS releases it (as is) on their forum for the very reason I alluded to above. I found Froggie's FAQ document to be an (honest) assessment of major risks associated with using RBrx, but not the rewards, so HDS' execs may not look favorably on it.

    pv
     
  21. Kurtis Smejkal

    Kurtis Smejkal Registered Member

    Joined:
    Mar 17, 2015
    Posts:
    253
    Location:
    Vancouver, BC
    It's not that, it's moreso that our development team has more insight into the product, and we need them to look for things that perhaps you guys as the end user sees, but perhaps there is a logic to it or explanation that they will give. So they will be looking for those areas. I don't want you to think it'll go up as is, but if anything you'll get more information and background on this.

    As for it taking a while, well we're currently focused on Drive Cloner's Version 6. Since this has been 'years' in the making. Our development team and tech support are going to look at this, I can guarantee that. However we're currently trying to focus on getting Drive Cloner Rx ready to go ASAP.

    Cheers,
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042

    Kurtis you are joking I hope. Surely HDS has a QC department that tests and should see all the problems. Also all they need to do is go back and read all the posts on the deleted forums. It might be good if you checked them out for yourself.

    Pete
     
  23. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    484
    Location:
    USA
    Pete, is that to suggest the deleted RB forums can still be accessed?
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    I don't believe users can, but surely HDS has access to them.
     
  25. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    484
    Location:
    USA
    I read (somewhere) that HDS lost the old RB forum due to a catastrophic problem.

    A separate issue: Why is it that I cannot access Froggie's FAQ document?
     
Loading...