Simple snapshot recovery programe required

I said this because the OP wants some way to test software. IMO SU is not a very good choice here, though it may be s good choice for a boot to restore system. It,s the only point.

BTW I am not sure that SU is well supported. I use SS and i have not seen a new version of it in years, inspite that it has been proven to fail against KillDisk.

 

First ShadowSurfer won't help you as it won't reboot in persistent mode. The only reason you use it is because you didn't pay for it. you guys are like broken records, SU fails against KillDisk, if you plant and execute KillDisk physically on your computer. So does the king of testing programs, FDISR.

Any antivirus/malware will stop killdisk and we all know that to use a virtual program on his own is not enough as they are not security programs per se.

As for support (you are not sure? Find out first), I don't know what you are talking about: PG disappeared, BoClean merged, Ewido merged and FDISR, alas, they are ruining it by producing a 'new version'. It sounds like SU not being a signature based application doesn't really need a new version.

The OP wants some way to test software, I know, this was my first reason for posting, so let him make up his mind objectively.

 

Problem is that some people take their favourites as personal. It,s pretty useless to post anything in this scenario. It should by my last post in this thread!

 

I don't consider the Killdisk Trojan as a threat and not as an argument to use an ISR-software that can survive this very destructive malware.
It's proven that FDISR cannot survive KillDisk and it's even much WORSE. KillDisk damages your partition(s) so badly that even Recovery CD's, to restore an image, can't do their job.

A Killdisk attack would scare me too, because you don't expect this to happen, that is a normal human reaction.
When you insert your Recovery CD to restore an image and you find out that even that doesn't work, you are in a situation that leads to PANIC, because your last hope to recover anything is gone. When your personal data is on the same partition, you have even more reason to panic.
A user in panic is on the verge of madness and can't think straight anymore and that makes the situation even worse and there is no shrink to give you any medical/mental attention.
So you have to solve a Killdisk attack in advance, when you are not in panic and that's what I did.

The worst problem is that your Recovery CD is worthless and your Image Backup software under Windows is also worthless because you have no access to it anymore.
This can be fixed in two ways :
1. Zero your harddisk with a CD, that contains a zero tool.
I have such a CD and I know it works after numerous tests. I prefer that method because it removes any trace.
You have to create this CD in advance, because you can't create it when your computer is useless. One CD is not enough, you need at least one duplicate.

2. Restore your partition(s) with a CD, that contains a partition software.
I have no practical experience with such a tool, but I have that CD also. It is supposed to work in theory.

Once your harddisk is back to normal : zeroed or healthy partitions, you can use your Recovery CD to restore an image and you are back in business.

Normally I have Anti-Executable to prevent a KillDisk attack IMMEDIATELY, but I consider my recovery solutions alot safer than depending on a security software.

 

Aigle, this is not personal: 2 years ago I bought SU, paid 69 $ for it, never got the slightest infection, not even the most harmless adware, had 2 issues due to conflicts which were solved by Storagecraft support within 48 hours (they won't reply to you without the product key, too many pirated versions), and here you are splitting hairs about it.

I'm talking about SU, because I use it, and couldn't see any fault in it. I have Returnil on my son's computer, and given the fact that it is free with some important new features compared to SU, I could talk about what it can or can't do. So far all I can say is that it is the perfect virtual application 'set it and forget it' especially for somebody uninterested in these things like my son.

You enjoy testing multiple applications, sometimes simultaneously which would push any system to the limit of its stability. I think for testers like you there is only one real answer: VMware workstation.

Please no bad feelings.

 

What I should mean by this?

My comments was due to the fact that OP might do some malware testing. Testing by an Wilders members means, he might play with the most odd and unique malware and non-malware executables. KillDisk is one of such executables. There might be many others that play at partition table level. Experimental bootkits are still another possiblity( though I have tested none).

My point was diffrenet. Killdisk killed SS/ SU and programm was not updated to deal with it. I take it as not well supported. I know the bitter reason behind was the piracy but it,s no excuse IMO. BTW I do have a genuine key( not a pirated one) though it was ofcourse free at that time( not sure now).

I agree but can,t afford the price of a VMware workstation and a new copy of windows just for testing. It,s insanely high due to diffence in currency value.

None now!

 

I think you are over reacting.

1) To test malware and to test new programs are totally different things.
(testing malware is a very specialized field, that goes well beyond the original context of ShadowUser)

2) KillDisk according to Peter2150 (who ran the test) killed ShadowUser and FDISR, the two few programs that allow rebooting of programs. Nobody here at Wilders in their right mind would use these programs as the only layer of defense, and you know that very well. What's the point in having Returnil for exemple which survives killdisk, but you can't test anything that requires a reboot? I repeat any AV will stop from executing killdisk nowadays.(I have AntiExecutable). You say there is no excuse from not updating ShadowSurfer and ShadowUser, but you still keep using ShadowSurfer. You are confusing support issues with what you get, and upgrading which for many programs means paying more money (e.g Acronis)

3) I have never implied that you had a pirated copy of SS. It is well known among us that Storagecraft had a fairly long promotion giving away SS for free, and you expect them to put even more work in upgrading for free.

My feeling is that you haven't been fair in judging Storagecraft especially when one hears the enthusiastic reports about the support offered to ShadowProtect, same company different product.

I have a question for you: Disregarding VMware workstation (which is very expensive) What is your ideal testing program?

 

I have to agree with Osaban regarding legitimate softwares requiring a reboot.

If you want to test such a software in Returnil, you have to turn OFF Returnil and install that software without immediate system recovery in the background.
If that software corrupts your system or causes a frozen BSOD during reboot, there is no other way than restoring an IMAGE to get your system back and an IMAGE is not considered as immediate system recovery.
If you want to test such software with Returnil on board, you better backup your system first.

This is a serious shortcoming in all ISR-softwares that can't handle such softwares and most of them can't. This is simply forgotten or ignored intentionally by the developpers and there is no excuse for this.
The number of such softwares is too big : almost any security softwares requires a reboot : firewalls and scanners.
That's why I don't use these ISR-softwares, that's not ISR, that is sometimes ISR and that is not enough.

 

Agree, and my post was basically in view of malware testing.

See it in a testing scenario not in day to day use.

I never suggested Returnil even.

KillDisk is an example, not the end of story.

I have no other choice ATM. I do use it for testing but not for KillDisk type stuff.

U are right. My wording was probably wrong. All I mean to say that there is no upgrade/ update to this software.

Where have I said that I expect them to do it free? I don,t believe in free bussiness.

A real system ofcourse.

BTW take my post mainly in a scenario of malware testing. Even if we disagree on some/ all points, there should not be any problem.

 

it does as intended,

snapshots are super fast to create and execute.

snapshots take up very little HD space.

no problems since i have been using it, does what it says.

one of the better software purchases i have made in recent history.

 

I also was a secondchance user on 98se ,and although its not as powerful as rollback rx it was a damn sight easier to restore files than rollback is imo.Too answer your question though ,i did purchase rollback rx and haven't had any problems with it on w2000 pro.I use it very often when installing /testing new software.I dont have any partitions so dont know how rollback would work with this although it claims to.Im not sure how it would affect your internet connection though? and i also dont get any shutdown problems.There is a rollback forum that may help if you tried it again.

 

CSJ, I suspect you're using v8.1, but although I'm using v7.2.1 (final build) I would echo your recommendation and your 4 points. In addition, RB snapshots are very easily managed (automatically and/or manually). And now that I can backup my system partition while retaining RB functionality and all snapshots, so much the better!

 

thanks for the answer, I'm testing roxio's backontrack suite v3 right now and so far so good, better than rollback rx IMO.

Best regards.

w.

 

@Appster: a bit OT:

Umm; did I miss something, somewhere ??

Longboard

 

Apparently... With the help of members such as markymoo and especially nexstar, I'm using Drive Snapshot in 'maintenance mode' (after first booting up with UBCD4Win) to backup and restore my entire C-partition. UBCD4Win isn't actually necessary, but it makes backing up and restoring far less complicated (and faster)! That's because it accommodates all DS operations in a Win GUI (instead of DS' crude DOS recovery disk).

 

Did you have to backup MBR sectors 0-63 acc. to markymoo:s receipt separately or not ?

I have created a BartPE with both ifw and DS...but when using secinspect cmd I get: error 5, drive.dsk access denied...

 

Nope. After booting up with UBCD4Win I simply used DS' Win GUI to create a 'Maintenance mode' image of my system partition (which apparently captures all necessary sectors)!

 

Ok then.
I'll be looking at this ( i have been following the other thread but there was and is some conflicting info there)

This is still a painful and irritating way to do image; just to accommodate RollbackRx.

I guess it's better than not being able to do it
Depends I 'spose on how much value you place in RBack.

Have you restored and rebooted? Need to test this solution.
How much time for how big a disc with how much used space for image and restore?

Regards

PS I may have missed this also: why does ATI and SP not achieve the same results as they both claim to backup MBR or do they ( achieve same results) Does this have to be done outside windows.

Why not a Linux based tool: eg Knoppix?

I will go back to here: https://www.wilderssecurity.com/showthread.php?t=189409
and read again from the start.

LB

 

Well, now I´m also in confusion...I also made a DS image in maintenance mode in BartPe and took for granted that to be sure it´s essential to make a sep backup of 0-63 sectors...If it is´nt (!) that´s terrific...Guess I have to make a test restore to see by myself...
My C partition on ~17 gigs took around 30 min, bartpe/DS, to backup to a total ~8.7 gigs splitted sna files to an external FAT32 USB 2.0 drive...

(...now it´s really hard to follow all threads in different topics...)

 

Why so?

Of course I did. My 16GB C-partition snapshot is just over 8GB. I didn't time it, but it seemed to take about 15 minutes/operation.

Up to now, I've been using v9 of ATI (home edition) which does not have a sector-by-sector backup-option like their corp editions. However, my friend has the latest ATI home edition (v11) and he tells me it now has this option. Paragon HDM v8.5 also has this option but I haven't tested it yet. I can't speak for SP.

 

Peter, am I to understand that you "have to collapse to (Rollback's) baseline snapshot" in order to create a restorable image using your SP boot CD? ...even when creating a 'raw' image? If SP only captures RB's baseline snapshot that implies that SP's 'raw' mode is not capturing all relevant sectors.

 

I get your point (although 'empty sectors' doesn't sound like the same functionality as 'sector-by-sector') ....in any case, a very good reason for small system partitions (unless no can do because of FDISR)!