Scanning with A-Squared!!

Discussion in 'FirstDefense-ISR Forum' started by marse.robert, Jan 11, 2008.

Thread Status:
Not open for further replies.
  1. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
    Hi all, and a Happy New Year to you all.

    This must have been asked before but I cannot find any trace in the search facility.
    Here goes: for each FD-ISR snapshot, Windows creates respective files - for example C:\$ISR\1 and so forth. Therefore, when I use A-squared to scan my files the process goes on forever. Surely an exclude exists to circumvent this?

    Anyone?

    Marserobert
     
  2. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    I have A-squared scheduled to scan on Tuesday afternoons, and I've noticed the same thing. Probably, you'll be advised that your question is better posed and answered over on the A-squared forums. If you do so, be sure to come back and let us know what you learned :)

    Thanks,

    Chrome
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The last scanner I used to verify my approach was A-squared, and my impression was that it scanned the whole hard disk, ignoring snapshots, just like NOD32 does. I consider this normal.
    Otherwise you have to contact the developer and ask him to provide a feature in A-squared that allows you to exclude objects.
    Or schedule it, like Chrome_sturmen did, so that you don't have to wait.

    I don't use scanners anymore, because I don't need them anymore and replaced them with something much better. That's why A-squared didn't find anything on my system partition, just like all the other scanners.
    Even restoring a clean archive or even restoring a clean image is faster than a full scan with A-squared.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    It's an individual program thing. KAV didn't scan all snapshots. But I, like Erik, don't use them any more.

    Pete
     
  5. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
    Hi Eric,

    There is a facility to "exclude" within A-squared. However, it appears to be very fundamental. For example, I can exclude FD-ISR from being scanned - so far, I do not think the application scans the snapshots. Each snapshot is given a specific number - C:\$ISR\1 and so on. So if I have 10 snapshots then A-squared will scan all 10 snapshots.
    I have read your earlier posts about dispensing with scanners and relying on booting to a safe snapshot - which I do like.

    In fact, I did try this method but I used Prevx 2 as a safeguard. I must say that I felt rather "naked" without all my normal security.

    As I consider myself one of the fortunate, as I do have an original Raxco copy of FD-ISR, I just might make all my security redundant and just use FD-ISR.

    Marserobert
     
  6. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Marse, I considered the option of utilizing a frozen snapshot myself, but anticipated a few problems with that approach. The main trouble being the fact that due to the way I use my computer, it's usually in some state of change (I'm working on building up my system now, in fact), and that just wouldn't mesh well with FD-ISR's frozen snapshot approach. I can see where that approach would be beneficial to a system which required absolutely no change. Further, beyond a user such as myself who usually has things changing, it seems even a user who wants to keep things static would need to make even small changes (i.e. bookmark updates, Windows patches) that would make the frozen snapshot approach a bit more trouble than it's worth. I'd love to meet a user who was contented with using a system that was absolutely unchanging. Now maybe for a university, or library computers or those in other similar settings, it could well be ideal, but I just don't see the practicality for the average home user...
     
  7. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
    Hi Chrome,
    Today, I was reading an article over on Castle Cops. A chap installed Prevx 1 - about a year ago. He then, over that year, posted his experiences throughout that year on a regular basis. It made interesting reading.

    Just using Prevx and no other security, he and his wife used their computers in every sense, and one year later, he reported that Prevx protected his two computers faultlessly. His particular system evolved over that year and continually changed.

    I have tried that procedure over a very short time, and it did work rather well. I have also tried using FD-ISR's freeze function to effect - but a little cumbersome. My security applications will be operative for the coming year and therefore, static!

    Do I use Eric's approach, which I like, and ditch all my applications? There lies the rub.

    Regards,

    Marserobert
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    FD-ISR without security software? That is not a good idea.
     
  9. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
    Hi Eric,

    What security would you have in tandem with FD-ISR?
    I have: NOD32 AV and the new Eset FW+AV, Prevx 2, A-squared, RegRun 5 Platinum and SuperAntiSpyware.

    I have recently generated some doubt about Nod32 and the new derivation of FW+AV. I am gravitating toward: PrevX2, Regrun5, Windows FW and FDISR.

    Any suggestions, Eric?

    marserobert
     
  10. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    NOD32 has, for me, in the past caused errors with FD-ISR. Now that I'm using Avira, things flow far more smoothly.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I never recommend any security software to anyone, because I'm not qualified to do this.
    I'm just an average user with a poor knowledge of the internet, malware and anti-malware.
    I don't work with knowledge or experience, I work with theoretical logical reasoning and I use the stuff I learned already from Wilders and readings.

    What does malware do in practice? It CHANGES your HDD. That's how malware betrays itself and I use that weakness to remove it: change & anti-change results in nothing.
    Do scanners remove ALL changes? No they don't, due to well-known reasons.
    Is there software that undoes changes? Yes, all ISR software does that.

    So I replaced all scanners with an Anti-Change software: FDISR, which removes 3 kinds of malware.
    1. Known malware
    2. Unknown malware
    3. Unborn malware
    Unfortunately, FDISR doesn't do that immediately, it only undoes changes when you refresh your snapshot with a clean archive and that is too late.
    The installation of malware is harmless; it only increases the volume of your HDD.
    The execution of malware is the real danger and needs to be stopped.
    How can you stop malware?
    - stop its execution by using a whitelist ---> Anti-Executable
    - stop its execution by using handcuffs ---> DefenseWall.
    - stop its execution by putting it in jail ---> Sandboxie.
    - stop its execution by watching its behaviour ---> I don't have that software yet.
    - stop its execution by ... (stuff I don't know yet)
    All that happens in real life too with criminals.

    Removal of malware wasn't enough for me: registry, history and especially junk were also a problem.
    To solve that problem easily, I use an archive that contains a CLEAN and UNUSED system partition and that removes any superfluous objects on my system partition.

    So I gave you a few examples of my reasoning, all very simple and obvious, and this can be done by any less-knowledgeable user.
    I didn't tell everything, but enough ... If you are able to improve it, I'm all ears.

    I have worked like this for more than six months already.
    My system partition repairs and cleans itself automatically during each reboot and that's all I do. The rest is work and play.
    I'm still not happy, because the software I use is still not good enough.
    The problem is: I can't do anything about it, so I wait ... like a zombie until something happens. :)
     
    Last edited: Jan 11, 2008
  12. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    You will forever be waiting for the perfect solution. The very nature of the use of our PCs on the internet, and the hardware and software being used being almost infinitely variable, means that no one strategy could be made 100% perfect for every situation.

    The environment is by its very nature under constant evolution and prone to unknown attacks; it thrives on and under its own steam of imperfection, economically and technically. And no one wants to stop it.

    The only way to rid our home computers of the need for self cleansing strategies and/or protection software would be to isolate the operating system and networking software from outside influences. On the VAX/VMS systems I used to work on, the operating system was untouchable - not even software installation could touch its core operational software or data unlike with Windows where almost anything goes.

    The operating system could then more easily address protecting the rest of the system including additional installed software and the user environment. Microsoft will never provide such an operating environment for the user if only for economic reasons, or it would be crap if they tried.

    As you might guess I've never been a 'fan' (that's another thread!) of Windows since it came out, or the x86 processors, so Intel are just as bad. CP/M was good in its time, a nice simple op system; since then, Gates has been allowed to run free.
     
  13. Empath

    Empath Registered Member

    Joined:
    Nov 13, 2002
    Posts:
    178
    My system is a versatile, changing, dynamic and programmable system. One can make their system static, and perform no more than its designated dedicated activities. An appliance does not have to be user programmable to perform an exemplary task. The boot-to-restore policies that have been explained many times by Erik are a good example that it's so.

    The industry has fleetingly in the past offered such ready-made systems, called internet appliances and computing appliances. It's interesting that they never made enough of an impression on me that I even remember the ones marketing them. To an extent WebTV was one, though there were situations beyond the limits of being simply an appliance involved there. Basically, and quite possibly due to its timing, the marketability was not sufficiently there. Today, with the practicality and need for accessing and using the net, it's quite possible some with absolutely no interest or need for the flexibility of a dynamic system would find value in the static arrangement of such an appliance.

    I do think the concept of totally static operation is a reasonable concept for some, and Erik's suggestions of getting there can be quite valuable. For many of us, and likely most, we prefer the system I described as mine; a versatile, changing, dynamic and programmable system. Scanning, virtual environments, HIPS, signature comparisons, and all types of ingenious devices to stay ahead of what might exploit our dynamic systems will remain a serious point of interest for us. For others, a dedicated unchanging system will make concerns of outside tampering with their systems of no significance.
     
  14. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    Hi Empath, I'm not sure if you were replying to me cos it was awfully quick if so.
     
  15. Empath

    Empath Registered Member

    Joined:
    Nov 13, 2002
    Posts:
    178
    No, yours appeared while I was still typing. You made a good post, though.
     
  16. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    Thanks :)

    Not sure which bits to isolate to actually quote so can I ask:
    I am beginning a strategy whereby I have as much as possible away from the C partition (already) and have been able to restore to almost clean installs, no problem. To keep it that way I intend to make regular restores rather than regular backups, sort of turn it upside down. So if I restore the system say every week, apply any updates and changes or tweaks I made during that week, then back that up before doing any other net access and leave out any mistakes I might have made, I would be able to keep a relatively clean installation. As far as malicious attacks go, I would still have to have protection for other data which would not be involved in this process.

    Also, depending on software used there might well be some configuration or other data I might want to keep and overwrite onto any restored system, such as things like network traffic data, favorites, start menu... that I might want to keep.
     
  17. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    If you made that restore each week, it would over-write any changes you'd made during that week right? How would you merge your beneficial changes into the restore you'd made?
     
  18. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    Thanks for asking, any changes I made would be noted by me as I do already and so I would apply them immediately after a restore, then back the system up again and carry on another week.

    The period of time might not be a week, it might be three weeks or whatever if few system changes occur.
     
  19. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    Oops, missed that last bit - I have already identified the bits I need to back up separately. I take a backup of those immediately before doing a restore and then restore over the top of the main restore. It works a treat.

    I suppose you would have to be careful only to use this method if the data you are overwriting is not going to cause any registry conflicts - I can give you a list of this data I select if you wish.

    I am not talking about overwriting any antivirus signatures or anything like that.
     
  20. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Let me use an example to convey my point: say you were restoring to your clean image once per week. Along during that week, you'd created various new bookmarks. You'd keep track of the bookmarks you'd created, then once you did your restore, you'd go back and add these bookmarks (and whatever else you'd done that you wanted to carry over) then re-image? Just trying to get an understanding on this end.

    Thanks,
    chrome
     
  21. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    Yes, just like that. I don't use bookmarks or favorites anymore for sites, I save my own outside of the system, but some things can't be altered. So I save my Acerose password vault from Program Files, some GIMP files, some game state files, even start menu info, and I use the best utility for renaming files I've come across called renamemaster and it allows you to store renaming templates - so I save all that sort of stuff then simply overwrite after a restore.

    So I'm not tracking all things, those backups are set in place but added to as I go along. The only things I need to write down are any changes I make to the installation which i want to repeat.
     
  22. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    Rather than edit all that which was rather laboured, yes

    restore; make any updates and changes; keep a brief log of those changes; back it up and carry on
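    The cycle sparkymachine summarises here (restore, re-apply a known list of changes, back up) and Erik's "change & anti-change" reasoning in post 11 can be shown as one small script. This is an added example, not code from the thread or from FD-ISR: a SHA-256 manifest of a directory stands in for the clean snapshot, a temporary directory stands in for the system partition, and the file names, the keep-list and the "week of use" changes are all constructed for the demonstration.

```python
"""Baseline-and-restore cycle with an explicit keep-list (constructed example).

A clean baseline tree is recorded as a hash manifest. After a period of use, every
change is classified; only files on a keep-list are carried across the restore,
everything else (including changes nobody asked for) is discarded.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def diff(clean: dict, current: dict) -> dict[str, list[str]]:
    """Classify changes relative to the clean baseline: added, modified, deleted."""
    return {
        "added": sorted(set(current) - set(clean)),
        "modified": sorted(p for p in clean.keys() & current.keys() if clean[p] != current[p]),
        "deleted": sorted(set(clean) - set(current)),
    }


def restore_with_keep(baseline: Path, live: Path, keep: list[str]) -> dict:
    """Stash keep-list files, replace the live tree with the baseline, re-apply the stash.

    Returns which paths were kept, which changed paths were discarded, and the diff
    that remains after the restore (exactly the changes the user chose to carry).
    """
    before = diff(manifest(baseline), manifest(live))
    stash = {}
    for rel in keep:
        src = live / rel
        if src.is_file():
            stash[rel] = src.read_bytes()
    shutil.rmtree(live)                      # the "restore": live tree becomes the baseline
    shutil.copytree(baseline, live)
    for rel, data in stash.items():          # overwrite the saved files on top
        dst = live / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        dst.write_bytes(data)
    after = diff(manifest(baseline), manifest(live))
    discarded = sorted(set(before["added"] + before["modified"]) - set(stash))
    return {"kept": sorted(stash), "discarded": discarded, "residual": after}


def run_demo() -> dict:
    """Constructed scenario: clean baseline, a week of use, restore with a keep-list."""
    tmp = Path(tempfile.mkdtemp())
    baseline, live = tmp / "clean", tmp / "live"
    for rel, data in {
        "Windows/system32/hosts": b"127.0.0.1 localhost\n",
        "Program Files/Vault/vault.dat": b"v1",
        "Documents and Settings/user/Start Menu/app.lnk": b"lnk",
    }.items():
        (baseline / rel).parent.mkdir(parents=True, exist_ok=True)
        (baseline / rel).write_bytes(data)
    shutil.copytree(baseline, live)
    # Wanted changes: the vault was updated and bookmarks were created.
    (live / "Program Files/Vault/vault.dat").write_bytes(b"v2")
    (live / "Documents and Settings/user/bookmarks.html").write_bytes(b"<a>")
    # Unexplained changes: hosts edited, a file appeared in system32 (both constructed).
    (live / "Windows/system32/hosts").write_bytes(b"127.0.0.1 localhost\n0.0.0.0 update.example\n")
    (live / "Windows/system32/unexpected.exe").write_bytes(b"MZ")
    keep = ["Program Files/Vault/vault.dat", "Documents and Settings/user/bookmarks.html"]
    try:
        return restore_with_keep(baseline, live, keep)
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

    The point the script makes is the one sparkymachine's written log of changes makes: because the keep-list is explicit, the restore drops the edited hosts file and the unexpected executable without anyone having to recognise them, and the residual diff after the restore is exactly the two files the user chose to carry over. Anything not on the list is, by construction, discarded.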
     
  23. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    I follow what you're saying now. Much obliged :thumb:
     
  24. sparkymachine

    sparkymachine Registered Member

    Joined:
    Dec 24, 2007
    Posts:
    249
    Location:
    East Lancashire, UK
    You're welcome :thumb: :) :)
     