someone should explain this please

Discussion in 'FirstDefense-ISR Forum' started by hany3, Jul 4, 2009.

Thread Status:
Not open for further replies.
  1. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    one year ago i was playing with rollback rx ,and i didn't know at that time the precise nature of this program , in the next day my brother restore a ghost image for the system drive and the result was complete failure of booting
    the pc ramained many days failing with no apparent solution untill i know that the problem was error in the MBR due to alteration on the MBR by the rollback rx while the ghost restore the whole "C" drive except for the MBR that was remained changed by the rollback rx


    the same scenario happened yesterday but with changing the rollback rx with FD-ISR rescue
    this time someone restore the "C" drive ghost image while FD-ISR is installed

    but the surprise is nothing wrong happened , in fact i was shocked
    assuming that both rollback and FD-ISR work under a general principal of playing around the master boot record
    the supposed scenario should be another complete pc failure with a huge catastrophe like the one hapened one year ago

    can someone tell my exactly what happened?
    why my pc didn't affected , why it still working very good after restoring the ghost image of the "C" drive
     
  2. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,558
    Hi hany3,

    can you explain better? does the pc boot or not after restoring with FD-ISR installed?

    FR-ISR does not alter the mbr.

    Panagiotis
     
  3. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    it worked well and nothing wrong happened and that was the surprise for me

    in the help file there is something written about i must disable the preboot menu if i'm going to restore an image for the system drive and i didn't do that

    just someone restore the system drive image without disabling the preboot menu or uninstalling fd-isr

    sorry what u mean by not altering mbr so how can it has a pre-boot menu
     
  4. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,558
    Ok... as expected.:)

    It modifies the boot sector of the system partition not the master boot record.

    Panagiotis
     
  5. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    thank you so much for explanation despite i don't know the major differences between altering the MBR and altering the boot secor of the system drive

    but i concluded that this point make FD-ISR non-risky on contrary to the eazfix and rollback rx which sometimes cause major problem for pcs after playing with the MBR so that any bootable media can easily destroy the harddisk of a pc with rollback installed on it

    but r u sure about the so called altering the boot sector only ??
    i know since long ago that FD-ISR and consequently all softwares that are based on it like FD-ISR RESCUE work mainly in the mbr since its 1st versions


    thanks again
    best regards
     
  6. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    and the result will be greater compatilbilty between FD-ISR and any imaging backup software on earth , interesting :thumb:
     
  7. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,558
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hany

    FDISR and Rollback are as different as night and day. FDISR is simply another set of regular windows files. They are maintained by windows and any windows software can access them, permissions being the only issue.

    Rollback on the other hand is quite different. It passes file changes though it's driver and maintains a record of the sectors on the drive in it's own database. Windows file system doesn't see them.

    That's the major difference.

    Pete
     
  9. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    thanks peter and pandlouk for ur clear explanation
    i thinl reply after reply things become more and more clear and obvious
    and now i have 2 Q :

    1- is there any possiblity even 1% that any virus infection in one active snapshot can spread infection "by medical expressions which are my real life" to other non-active snapshot which is also present on the "C" partition but has no access rights

    2-is there's any possiblity to disable logging of FD-ISR
    i tried to disable the main ablication "not the service" from startup to decrease memory usage and every thing goes well but i don't know if this will disable the logging or not . if there's another way please show it
     
  10. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    1) thats why clean external archives are so desirable,i guess that in some way other snapshot on C: can be compromised.
    Its not an antivirus solution.
    Beyond that have always a reliable imaging solution w.o.w can you restore ? and is the image reliable as well.
     
    Last edited: Jul 5, 2009
  11. hany3

    hany3 Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    207
    Huupi
    from ur reply i concluded that u believe that there still a possiblity for spreading of any virus infection to other non-active snapshots

    i'm sure u r right but firstdefense-ISR from the name "1st" "defense" "instant recovery"

    1-fd-isr should protct "defense" ur system if got compromised by any nvirus infection by bootimg to other clean snapshot

    so what is the value if all ur snapshots are infected in same way

    2-fd-isr should recover ur system "instant system recovery "ISR " , if one snapshot got virus infection and windows become unbootable , if other snapshots become infected also , so the result will be completely unbootable pc
    and at this point any external archive of a snapshot will be useless as FD-ISR can not use for booting

    absolutely right
     
  12. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If virus make pc unbootable and all snapshots are infected then thats end of the story.Your concern about one snapshot infecting the other resident snapshot,IMO its possible but i have no hard evidence to support my feeling.
    Nevertheless with some explorers (xyplorer but albeit limited)) you can search the other resident snapshots,so if this utility can open, how about malware......?
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Note that by it's nature FDISR will protect you from a lot, but it is not intended to protect you from Malware attacks. Any program that can modifiy the file system permission structure could in theory attack FDISR's other snapshots.

    Protection from that lies in the fact that there isn't enough of an installed base to make it worth targeting FDISR.

    PEte
     
Thread Status:
Not open for further replies.