Think I messed up my snapshots :(

Discussion in 'FirstDefense-ISR Forum' started by Horus37, Jan 5, 2007.

Thread Status:
Not open for further replies.
  1. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    There really should be some kind of good tutorial setup on this website on how to configure your system for best results of a good snapshot of the basic system so you won't encounter problems later. Here's what happened to me. I did a complete rebuild of my laptop from scratch the OLD FASHIONED way with a full reinstall of xp home and all MS patches/updates. Once I had this VIRGIN system done I installed FDISR and that's where the problems begin.


    What I want to know is:

    Should I have set up my computer setting more by setting up a limited user account first and password protect both admin and limited user account and saving those settings by a log off and on again in both accts before doing a snapshot?? Plus PLUS should I have ALSO disabled MS restore functions before my install of FDISR? Then the issue becomes WHEN do I do a DEFRAG! Should I have defragged BEFORE the FDISR install onto a fresh rebuilt fully patched system? I did a system analyze just to see how fragmented a clean fully patched and updated new reinstall would be and it said it was about 8% fragmented. That's harsh to swallow on a rebuilt fresh system. So questions now about when to do a defrag, when to install FDISR when setting up admin and user accts with password protect and why or why that is or isn't important.

    Next my questions continue with at what POINT in time AFTER the initial install of FDISR should you ENABLE data anchoring because it CAN make a difference if you don't FIRST setup a limited user account and password protect them because how is a system supposed to share files between snapshots if one snapshot has both an admin and limited user account setup and one snapshot only has admin and the data anchoring had the info saved in it from both admin and limited user account favorites and My documents? I'm currently thinking now that I have to remove info about my limited user account favs and My documents from the data anchoring saved file and worry now about corruption of that said data anchoring file. Sheesh. I have it in my head that it could be problematic to remove files from the data anchoring file. Anyone know? What issues should I be made aware of? All my snapshots are from a primary snapshot WITHOUT the limited user acct setup or the admin password protected yet. Lots of issues...My system currently WON'T accept changes to the limited user account because I THINK (not sure) that the data I put into the data anchoring file is messing with my ability to change settings in my limited user account that you normally are able to change with a limited user account such as the power settings for the limited user and "ask for password upon resume" for the screen saver. I'm having screen saver issues now. I want to disable this stuff in the limited user account but it won't let me. UGH!! I did disable this stuff in the ADMIN account so not sure why it won't in the limited user account other than to guess the files I put in the DATA ANCHORING file are messing with it. The data I did put in there was the limited user account's "Favorites" and "My Documents." Is that normal? What issues should I need to be aware of when REMOVING data from the data anchoring file?


    In summary:

    When to do defrag? What issues to watch out for in a defrag such as MBR?

    ON fresh reinstall is it a problem for data anchoring to share data between 2 snapshots if one doesn't have the limited user account yet?

    If setting up a data anchoring situation with the limited user acct info such as "Favorites" and "My documents" why does it lock up settings in the limited user acct so they can't change screen saver or password or power selections? This is still allowed in a limited user acct pre-data anchoring.

    What issues to be aware of when removing data from a limited user account in the data anchoring folder if any?


    Thanks for any help.
     
    Last edited: Jan 5, 2007
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,045
    Horus

    Having read this post my head is spinning. I am not surprised your computer is also.

    Put the KISS principle to work. Keep it simple.

    1) I'd stick with the Admin account rather than having both. I've been running as an Admin account on three computers for several years with no problems. Just have a reasonable security setup, and use your head.

    2) Install FDISR and leave Data anchoring alone, until you have an understanding of the program. You can always go back and change it later.

    Pete
     
  3. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    :eek: Running all the time on admin priv is not my idea of being safe and secure while I'm on the internet. I would love to KISS but these issues are something you can't overlook if you want to have the maximum feeling of security. I've ONLY run under limited user accounts on the internet for as long as I can remember with xp. I would hate to have to give that option up. I only log onto admin to update programs and windows, then it's back to limited user account. I'm sure that someone must run under limited user status also having FDISR on their system. I know that FDISR doesn't work under limited user account as the ICON doesn't show in my task bar but I've already booted into the snapshot I want so choosing the one with the limited user account setup seems ideal to me. I can't be the only one that feels like this :blink: So what to do about that? I suppose with so many questions I can separate them out and post different threads for each so we can straighten this out. Don't mean to overwhelm you. I'm not that big of a noob. I promise. :D I've been on computers since windows 3.1 so there's hope that I can figure this setup out. :cool:
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,045
    There's a poll where you will find most folks run as Admin accounts. I've never done anything but.

    Besides, one of the whole points of First Defense is you can wipe out stuff. I always do dodgy surfing in another snapshot. Then when done, I boot to a good snapshot, and overwrite the one where I was surfing.
     
  5. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Do you have an opinion about using virtualization like sandboxie?
    Or about browsing in a VMware browser appliance?
     
  6. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    I want to do exactly that which you've mentioned...vmware player or the microsoft free virtualization product but I think it said it won't work on an XPhome box. :'( Can you confirm that? If I eventually do get into virtualization use do I have to run it under admin priv or can it run under a limited user acct? I'm guessing under admin only? Bear in mind I'll still have FDISR on ...all the possibilities of the two on a machine is really cool.
     
  7. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    I guess then that if that's true that most people that use FDISR are always in admin mode then that answers that. However I'll need to go drink a large bottle of vodka to wash that down with. :D Seems like I'm a bit stubborn or leery of losing my security blankets. I've already had a trojan on my puter and need reassurance that running under such loose privileges doesn't warrant a trojan invite. This is the first product I've come across that I couldn't run in limited user mode.


    As an aside I'd like to pick your brain on another topic if I may. I saw in this thread..https://www.wilderssecurity.com/showthread.php?t=140947&highlight=data anchoring at the bottom you talk to I think CThorpe about the problems of Admin passwords having to be the same between snapshots for the data anchoring to work correctly. Is that so? I have different passwords for admin accounts on different snapshots.
     
  8. starfish_001

    starfish_001 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    1,041

    I use FD under admin but share your concern about admin account. I use DefenseWall sandbox HIPS to limit the damage possible; others use GeSWall.

    Personally I prefer to have an OS partition and a data partition - no anchoring, simple.
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,045
    On the trojan on your box. How did it get there? Do you know?
     
  10. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    I'm suspecting a 3rd party chat client for yahoo I was trying out awhile back. That's why I switched to avast so I could get a free chat client virus scanner after I realized I was infected. Rootkitunhooker found it. I really need a good HIPS/blocker. I wasn't using much back then but a simple virus scanner and the usual list of post-infection type stuff like Ad-Aware and spybot which don't prevent infection as well as you'd like. So I stumbled onto a program called regprot and people here seem to like ssm however they point out you still need process guard etc. So many security programs needed so that's why I wanted something like this FDISR to reduce the need for so many security apps. I'd love to be running a virtual machine inside of a frozen snapshot with just a few top rated apps for security. There's some good ideas here on security apps. I like my avast but seems like nod32 might be better. I did find rootkit unhooker to be the best rootkit detector out there and it's free. Those rootkits are my biggest baddie I want to prevent. Figure if I hid 5 levels deep inside a vm inside a vm inside a vm... in a frozen snapshot with some good apps I'll be safe all running in limited user account......:)

    Do you know about having to have all the same passwords on your admin accounts across all your snapshots on your local host hdd for the data anchoring to work correctly? Especially if you enable it and then disable it?
     
    Last edited: Jan 6, 2007
  11. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Not the passwords but the account IDs are significant.
    When you access your (anchored) folders with administrator privileges, then it doesn't matter much.
     
  12. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
  13. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328
    I think I just remembered I didn't set up my bios settings to have my CDROM first in line in the order during the boot. Is it ok to go change that now and save it inside my snapshot or do I need to start my snapshots over again?

    I hear what you're saying about the dropmyrights issue. I read your links and it seems like what you are saying is to run under admin yet for just internet explorer to drop admin rights for that one single program? Is that how you have your setup?
     
  14. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I use DMR for IE, Firefox, Opera, and Outlook Express.

    Acadia
     
  15. wilbertnl

    wilbertnl Registered Member

    Joined:
    Dec 29, 2004
    Posts:
    1,850
    Location:
    Tulsa, Oklahoma
    Boot settings in the BIOS won't impact your snapshots. Changing your IDE settings in the BIOS (LBA, for example) has an effect on the Windows configuration.
    In the worst case, after hardware changes, Windows asks you to reboot. That's all.
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    When I refreshed my system in September by doing a complete reformat I installed the bare minimum plus Windows Updates. (Prior to this my system had been running since 2002 with no reformats.) I then installed FD-ISR, copied the system to a snapshot I called 'Fresh OS install', and continued to work on the Primary to add programs etc. I then created a Backup snapshot. I also have another snapshot purely for testing purposes.
     
  17. Horus37

    Horus37 Registered Member

    Joined:
    Jan 4, 2007
    Posts:
    328

    It's hard to decide which to run now, limited user or install Dropmyrights and run in admin mode and just include my internet apps. However I so far have no problems running all my firewalls and antivirus in limited user mode.

    One thing that I was thinking of doing was being in limited user account and giving my antivirus and firewall admin rights with "runas" command. What do you think?
     
  18. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I would prefer a limited user account myself but I lose too many of my settings. :doubt:

    Acadia
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,045
    What is the deep dark fear of an admin account? If you have a decent firewall, AV, and use your head you should be fine. Should you want to do something you suspect might be risky, do it in another snapshot, and then get rid of it. Even with some dodgy stuff, I've never had a problem, in being on line.

    Pete
     
  20. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    I trust my firewall and my AV ... :oops:

    Acadia
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,045
    ROFL!!!
     