Security software that changes the system...

I'm hoping for a broad, informative and constructive discussion of some of the familiar security software titles that make fundamental changes to the PC file system, OS, MFT, etc.

From info borrowed from a nearby thread, we can begin to compile a list:

• Kaspsersky modifies NTFS identifiers.
• FDISR modifies the MFT.
• Rollback/Eazfix modifies the whole file system.

Why do some of you not mind this sort of practice?
Why do some of you avoid such programs?

How commonplace is this practice? (Can we add to the above list?)

Aside from Kaspersky (which has been thoroughly discussed elsewhere), does anyone feel such practices have caused them problems?

 

Version 7 of Rollback messed up after a couple of months in my machine (the snapshots became corrupted) It was working perfectly for a couple of months and then without any apparent reason the snapshots got corrupted and that made me loose confidence in it.

I have not used version 8 (since I have to re buy it if I want it and it has shown that 30 day trial doesnt reveal eventual problems) so I can not say if it would work better nowadays. I would buy it instantly if I knew that I could rely on it coz I love their approach.
I might add that I use the old version 7 in a Vmware session and so far it works fine, but of course I dont use that session as much as I did use RB earlier so that is not a big surprise.

I have had FDISR for 4 years and it has never failed me or caused any problems. Thats why I accept such practice as you suggest. I dont mind such practice as long as the software does what it claims without creating problems.

 

I quite agree with this. The point is to always bear in mind what kind of changes the software you're using makes, it will help you to avoid many possible problems. There was a thread some months ago regarding Outpost suite using ADS feature of NTFS (a rootkit technology), which was not welcomed by many. However, I am not so quick with condemning any feature as bad, as long as it doesn't create problems. So, I don't mind system changes, if the software does what it should do.

A slight OT. I have recently switched from VMware to Parallels (responsiveness is better), but I do remember that VMware (Workstation) has a feature called "snapshots", which basically does the same thing as RollbackRX. I have never used it, so I am just curious - do you find any benefit in using RollbackRX on a VMware, being that it already has a similar feature?

 

I havent actually used the Vmware snapshots much and it was quite long time ago so I cant say much about it. I will try it and see if they are similar.

 

Okay, I've seen many, many members around Wilders complain when a program doesn't "uninstall cleanly". There have been many threads expressing frustration with well-known AV's that leave stuff behind, threads about registry cleaning, threads about uninstallers like TotalUninstall. And in these cases, we're usually talking about some dead registry entries and a few DLL's. Why are folks more worried about such things than programs that make system changes that IMO are more profound?

Am I missing something? If I uninstall FDISR or Rollback, do they restore the MFT to it's original state?

The reason I ask, indeed the reason I started this thread, is that I adopted a lot of my philosophy and sensibilities about security here at Wilders over the years. Not that I am incapable of drawing my own conclusions (for instance, I think that registry cleaning is more often than not a time waster). But one of the basic principals that I thought had been decided was: messy uninstall = bad.

 

Hmm..I dont actually know if they restore to the exact original state. All I can say that uninstalling any of them has not done anything bad that I am aware of. Things just work as if they have never been installed. I guess that means that they do a clean uninstall generally.