Too much reformatting

Discussion in 'hardware' started by ohblu, Aug 12, 2009.

Thread Status:
Not open for further replies.
  1. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado
    Many, many years ago it used to be that people only reformatted their computers as a last resort. People would spend an hour or two (or more) trying to fix the problem and prevent it from recurring. Now, people have one minor little problem and they reformat. It's like it's become trendy. I even see computer techs reformatting computers at the drop of a hat. Is reformatting like this really necessary? I have a computer book that was written by an expert and he basically says reformatting should be a last resort. So why do so many people reformat over the tiniest little problems? Like one guy reformatted because he got one little piece of spyware on his computer. I think that was going way overboard.

    Opinions?
     
  2. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I agree with you. I see so much advice on tech forums to those people who get some malware infestation like a vundu variant...telling these poor people to "backup data and format".

    Back in the early Win9X days, I used to install and uninstall so many games, mess with drivers, blah blah..yeah two or maybe three times a year I'd rebuild.

    But once Win2K came out...and I don't install/uninstall so much, even then....with the plethora of good cleaning tools out there, and keeping my machine quite clean...I only format/reinstall when I'm replacing/upgrading my PC with all new motherboard/CPU/etc.

    Regarding malware....we get a huge amount of infested PCs into our shop, most of it can be cleaned quite well with the good cleaning/removal tools these days such as MalwareBytes, ComboFix, SuperAntispyware, AntiVir, Spybot, MRT, MSE, etc. Especially a service shop that has a bench PC where you can slave the customers drive to and perform good deep scans outside of the OS. It's a very small percentage that we run across where we throw in the towel and rebuild.
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Interesting questions you raise up here. I see possible 2 reasons -

    Formatting is the easiest solution. In case of Windows OSes, the install process has always been more or less idiot-friendly. All you have to do is type in you username/password and click on "next" a few times and you're up and going in half an hour or so. Getting to the bottom of problem requires some brainpower and often is the case where users do not want to use their brains to actually learn something in the process. They simply want things to work. That is your typical Windows user. They would rather spend 3 hours on clicking "next" (they do have to reinstall some apps too) then on delving into unknown to fix the problem.

    There is also the matter of keeping things "clean" and "under total control". This is a psyhological compulsive reaction that usually derives from the lack of knowledge (I will not go into other, more serious, reasons for compulsive behavior). It applies to the case with the simple spyware you mention. Even if the problem can easily be resolved, the word "infection" rings heavily in the ears of our Windows user and the only way he'll get rid of that ring is to start anew, be it from a trusted image or by the means of reformat.

    I daresay that I noticed how both cases apply to many of our fellow members here...
     
  4. bgoodman4

    bgoodman4 Registered Member

    Joined:
    Jan 13, 2009
    Posts:
    3,132
    Its also an easy way for phone or e-mail tech support to deal with an issue. Rather than try to find a viable solution,,,,which takes work and knowledge,,,,the tech says to reformat and reinstall.

    Thats the easy and time effective way to work for the tech,,,,,but not for the customer.
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    IMO it's not the easiest solution.
    *Existing data. Asking the person what they need backed up from the computer...they may remember to mention 1 or 2 or 3 things....they usually forget the other dozen or things they need until POOF!!! it's gone and too late.

    *Can't find reinstallation media for 1/2 of the programs they want back

    *Some cloner built PC with motherboard of the month parts that takes hours...no...days..to go on driver hunts for on el cheapo parts.

    *Once computer is rebuilt...restore data....and now the often more time consuming part...return it to their house and find out they have all these odd AIW/MFP printers/scanners/cameras/PDAs that take a horrendously long time to install drivers for.

    IMO the removal tools available today do such a fantastic job....how could anyone say clicking on them 4 times is more difficult than reinstalling the OS and software and blah blah on their PC?
    Install, update, scan, remove. //easy? Just follow the bouncing ball, programs like malwarebytes hold your hand through the entire process.

    When our customers PCs come in..the few that don't seem to be able to be repaired and need a complete rebuild...I dread it when that happens because now I know I'm going to spend a lot more time on the project.
     
  6. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    I have to agree with the Olde Cat there, I only format and reinstall only when I have to for the same reasons stated. I once cleaned a WinMe computer that had over 900 instances of infection (it took 15 minutes to boot to the desktop, lol). Ordinarily with such a hugely infected computer I would have probably reformatted and reinstalled but the user could not find her installation disks. It took me two days on and off to clean it. In that case it would have been better to R & R because it would have taken less time.

    Another time someone bought a laptop to work that had a corrupted registry which caused it not to boot up even in Safe Mode. My sysadmin told me to reformat and reinstall but I instead repaired the registry as per MS instructions. It was a little tedious with all the typing but I got the computer fixed within the hour. This was a lot easier than having to reinstall the OS, drivers, apps, and data though.

    Back in the Win9x days on my computer I used to reformat and reinstall every six months or whenever it needed it. In XP I did it once a year. Nowadays in Vista I have a backup image stored in my server if something goes awry.
     
  7. ohblu

    ohblu Registered Member

    Joined:
    Jul 26, 2008
    Posts:
    79
    Location:
    Colorado

    I'm getting a little off-topic here but how did you determine there were 900 instances of infection? I mean, did you use scan in safe mode or use an online scanner? What was your method of detection?

    I once had a relative's computer that took about 15-20 minutes to boot to the desktop and my first instinct was to scan for malware. I scanned in safe mode and with an online scanner as well as with the scanners that were already installed on the computer. But I only found two fairly harmless spyware. They certainly weren't anything that would cause a computer to run that slow. A repair tech claims the computer was infested with spyware. I have serious doubts about that. But I'd really like to learn more about this.
     
  8. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I disagree completely. Years ago - and I go back to DOS days, reformatting was a common occurrence. Why? Because it was easy. All your programs and drivers were on floppy disks you kept in your desk. All your data fit on one or two floppies. In fact, many people used to reformat as a matter of routine. And security was not the problem it is today either. So years ago, people used to reformat all the time, and that was fine because people had everything they needed on hand.

    Today, chances are most of your programs come from downloads, or have been updated several times since new.
    They are not real techs - but wannabes and amateurs. But I note if the user's goal is to get a working, and CLEAN, computer back fast, and they don't care about any lost data, then a reformat and reinstall can be lot faster, if done properly. And when talking labor charges by the hour, reformatting can be less expensive too.

    But for many users, the data on the computer is worth more than the computer, and, of course, we all know how diligent users are about keeping a current backup.

    Here is my canned text on why reformatting should be avoided:

    You definitely need to avoid reformatting as that is ALWAYS a last ditch effort. At the very least, you should attempt to repair your installation of XP before attempting to format and reinstall. See Michael Stevens XP Repair Install for complete instructions and necessary precautions.When you format your boot drive, you lose:
    • All hardware drivers, including:
      • Drivers specific to XP SP2 (or Vista),
      • Drivers specific to your motherboard, such as those needed for on-board graphics, sound, networking, USB I/O, SATA/SCSI controllers, etc.
    • Data files - including,
      • Documents, spreadsheets, databases, etc.,
      • Photos, music/audio and video,
      • Email (if using Outlook Express, Outlook or some other "client" (PC) based email program), as well as any saved contacts, appointments, and notes,
      • Favorites/Bookmarks[/indent]
      • Downloaded programs and updates to them, including all your required security applications,
      • Custom configurations, for Windows and all other programs,
    ...and worst of all,
    • Security patches and Critical Updates setting your security defenses months, or even years behind!
    Also of key importance, when a format and reinstall is performed instead of troubleshooting and repair, nothing is learned! The cause is left undetermined. The user does not know what happened, and most importantly, what behavior to change to prevent recurrence.

    Once all repair options have been exhausted and the decision is to go ahead and reformat/reinstall, you must:
    • Ensure you have backed up all critical data and files,
    • Have all original installation disks and the CD/license keys on hand for Windows, as well as any other applications you have installed from CD, DVD, or download,
    • Have copies of all hardware drivers on CD, either original maker's driver disks, or better yet, by downloading (the latest version) from maker's download pages and burn them to CD, including drivers for,
      • The motherboard devices (including those for integrated devices),
      • Graphics card (if not integrated),
      • Sound card (if not integrated) (technically, sound is not needed, or at least, can wait),
    • Current copy of your anti-virus program (I would also recommend replacing Windows Firewall with a full two-way firewall at this time).
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    One item that has been ignored is the corruption of the OS.

    Malware can do that. Uninstalling and installing software, especially security software can do that too. Especially if that is done frequently. In my own experience, it's only a matter of time till some corruption of the OS (actually not just the OS, but the system, which includes programs and data) will occur. In the past I have tried to 'repair' 'stuff', but that doesn't always solve the problem and it can easily cause further system corruption.

    This is one of the reasons why I have and use an imaging setup. I always keep a known clean image.
     
  10. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    At that time (pre-MBAM days) I used SAS-Spybot-Adaware in my cleanings. I remember SAS reporting over 900 instances but that count included cookies and registry entries as well. It took the before-mentioned tools plus some specialized ones such as SmitFraudFix to clean it. I also had to do some registry work as on bootup I was getting error messages about some DLL's not being found (the malware DLLs that were removed). I was able to return the computer back to normal--or what is normal for WinMe, lol.

    Today when someone brings me a computer to clean I usually use the MBAM+SAS+Spybot combo (and specialized removers if needed). I then install an antivirus as a lot of computers that are brought to me have old expired AVs installed (in fact I had a Dell B110 today that had an expired Norton 2005 installed). I remove all the old restore points to make sure nothing comes back to haunt the user later and make sure Windows is updated. HDD clutter is then removed with CCleaner and I then end with a defrag of the HDD.

    EDIT: I scan in safe mode normally. Today on the Dell B110 that I mentioned, MBAM reported 83 instances. After I cleaned and then rebooted I started getting BSODs even in safe mode. I was contemplating performing a repair reinstall when I thought about the Apricorn DriveWire disk cloner I use. It also turns a internal HDD into something like a USB external drive. I pulled the HDD out and plugged it into my workstation and let SAV10 scan it. It found some more nasties and when I put the HDD back the BSODs were gone. This is the first time I have ever used this method of cleaning malware out of a HDD and after today it will become another tool in my arsenal.
     
    Last edited: Aug 13, 2009
  11. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    I think the increasing prevalence of reformatting has much to do with the increased knowledge of just how dangerous today's malware infections can be.

    The paranoia over identity theft is, in my opinion, well founded as I know three people who've been victimized and all three employed quality antivirus, antispyware, and third-party firewalls.
    All three kept their operating systems patched via MS automatic updating, and all were single users on that particular computer.
    As far as visiting suspect websites, I really don't know.

    -Anyway-

    The aforementioned paranoia continues even following the successful removal of detected malware.
    "Did I really get it all ?"
    "Is anything still in my computer; UNDETECTED ?"

    When you're dealing with that state of mind, the only procedure that will truly alleviate the fear is reformatting/reinstalling and starting over clean.
    The ready availability of open source imaging and cloning applications make the process of reinstalling the OS and all drivers, applications, and documents a piece of cake- usually.

    So it comes down to the choice of how much doubt can you tolerate.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    IMO, there's several more factors that are contributing to the rise in reformatting instead of cleaning.
    • The user base has changed. There's a much higher percentage of casual users who know very little about how their PC actually works, let alone how to clean it. Computer enthusiasts and hobbyists make up a much smaller percentage of the users than before. Now it's gamers and dedicated P2P users who believe that security measures just slow their systems down. They'd rather reformat than use anything that might slow them down.
    • The infective agents have changed. Rootkits make up a much larger percentage of the malicious code. Years back, malicious code was primarily annoying. Now it's professionally written theft tools, making the cost of a failed or incomplete removal much higher. Because of their hidden nature and a degree of uncertainty regarding their detection and complete removal, there's a lingering doubt as to whether a system has truly been cleaned of rootkits. That tends to make people reformat, just to make sure it's gone.
    • The operating systems are more complex. There's more places malware can hide. The new systems are not as easy to clean as the old ones. On a 9X system, DOS could do almost everything that needed to be done. Now it requires specialized tools, rootkit detectors, live CDs, etc.
    Add these factors to the ones already mentioned.

    Your points are quite valid. The cost of failure is much higher with todays malware. A missed detection or incomplete removal might cost you everything in your bank account. A few years back, I cleaned a keylogger out of a PC that was built to steal financial logins. The owner called the bank and caught them in the process of trying to transfer out funds. 5 minutes later and he would have had an empty checkbook. Yes, most banks have implemented better login systems, but the malware has got better too. When the threats are real and there are real difficulties with detecting and/or removing them, it's not paranoia. It's a very normal reaction to very real threats that steal real money.
     
    Last edited: Aug 13, 2009
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I tend to be one of these people who are quick to reformat. One reason, it's simply quicker to reformat than spend that 2-3 or more hours trying to fix something. Another reason, if any instance of malware ever did get on the machine, I'd be one of those who'd want to be 100% sure it was gone and that there were no other problems resulting from the "infestation". And finally, there is nothing like a 100% clean brand new PC to cure all ills.
     
  14. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    I'm the same way !
    I have master hard drives, built from a scratch "bare metal" install, for Windows 2000, XP Home, XP Pro, Vista, and Windows 7 RC-1.
    Each drive contains the base OS, all applicable MS updates, patches, and hotfixes, all necessary drivers, and a handful of applications I consider as indispensable, such as CCleaner, WinPatrol, Malwarebytes, and my twelve video-related programs for DVD backup and editing.

    I use 40gb SATA hard drives for general use such as web surfing.
    When a particular install needs to be changed for any reason, I can reformat in twelve minutes and clone the desired OS from the master via CopyWipe in about two minutes..
    After rebooting to finalize the install, I can then add anything else I want to use such as the antivirus, antispyware, and firewall of my choice, Sandboxie, a different web browser, or...

    Much faster than hunting for malware and piece of mind knowing the drive is clean.
     
  15. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Offline separate clean image always works for me.

    SourMilk out
     
  16. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    YeOldeStonecat,

    not all problems on PCs are caused by malware...
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Forgive me for my ignorance, but I have to ask: is it really necessary to reformat before reinstalling Windows? I thought reinstalling Windows automatically wipes out what ever was previously recorded, I always thought that reformatting was equivalent to erase whatever was on disk.
     
  18. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Technically, a reformat might not be enough.

    If you have several partitions, hidden partitions, malware hiding in bad sectors and possibly other things, you may need more.

    Wiping the harddisk is best. For example, DBAN.

    Actually, doesn't a Windows XP reinstall (booting from Windows XP CD) start with a reformat ?
    I'm not sure, it has been a long time since I did that.
     
    Last edited: Aug 17, 2009
  19. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    That's NOT happening and I challenge anyone to show evidence (links to real studies) suggesting otherwise. Okay, more people (and "wannabe" technicians) may format at the drop of a hat, but that's only because there are nearly 1 billion Windows computers out there, compared to "only" a few 100 million just 5 years ago. Percentage wise, the numbers are not increasing, but instead, due to education (in forums like this, for example), more robust operating systems, and more reliable hardware, indiscriminate reformatting is decreasing. Prior to NT based Windows (NT, W2K, XP and newer), reformatting was done as a matter of routine. But no longer.

    We must remember that most users do NOT have current backups of all their data, or disk image files on hand. Those that do, are NOT "normal" users. We must also remember that PCs for most are a necessity, a way of life and not primarily used as a source of entertainment. The value of the data (work and school papers, emails, taxes, banking, contacts, appointments, etc.) is often worth MUCH more than the hardware.

    Also worth mentioning is many factory made PCs do not come with disks.

    The biggest problem with this position is NOTHING is learned! You don't learn what the problem is, how to fix the problem, and most importantly, how to prevent recurrence. And, unless you have created a very recent image, I remind readers again, you could be set back months, or years in security updates and patches.

    It is important to remember that computers get infected when users fail to keep their systems patched, updated, scanned and blocked, AND they fail to avoid risky practices, like visiting illegal p*rn, gambling, or P2P sites that support illegal filesharing of copyrighted materials.

    A common misconception. A format does little more than prepare a disk for data storage, and "mark" the space as available. It does not purge any data previously saved on the disk. This is basically the same thing that happens when you delete a file. It is not removed from the hard drive, the space is just marked in the drive's tables as free and any data there can easily be retrieved, until it has been overwritten.

    I agree. But note wiping does not remove data either, and has nothing to do with formatting a disk, or laying down a file system (NTFS or FAT32, for example). It simply overwrites every track and sector several times with a bunch of 1s and 0s, obliterating any residue magnetism (the 1s and 0s representing your data) on the disk. I recommend Eraser, which has a GUI front-end, and uses DBAN technology.
     
  20. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I'm quite aware of that, as I work on end users PCs for a living. But with even a little knowledge, one can find/fix the cause.

    And my goal is to do what works, and what's most cost effective and efficient and permanent for the client and myself. I prefer my time to be spent managing clients business networks, building, new deploys, maintenance work. My hourly rate is 125/hour, but most of my clients are on monthly retainers....so if a machine isn't properly fixed...thus keeps coming back to me and making me suck up more time in the rig...I end up losing. Thus I seek a permanent fix...I don't want machines coming back to me.

    Thus....if the tools available to use today didn't work, and if wiping it clean and reinstalling truly was a time saver...I'd be doing that.
     
  21. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    I dont format, I scrub the Devil off my Disks with WipeDrive Pro :cautious: Not a glimmer of Data left over once you use this software :ninja:
     
  22. JohnnyDollar

    JohnnyDollar Guest

    Can't you format 2 or 3 times and do the same thing?
     
  23. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I don't think it fair to compare the needs of business network clients to home users. They have different needs. A business owner needs the computer back in production NOW so his worker can be productive. A home user needs the computer up and running so he can access his data, pay his bills, surf the Internet.

    Business machines typically are little more than "workstations" - that is, they are not used to store data "locally" but rather on a centrally located server. Employees can, in effect, sign-in from any machine on their network and do what they need to do, to include accessing their email accounts. Business networks are backed up on regular (or continual) basis. If a machine is down, someone sits idle so it certainly is more cost effective to the company's bottom line to put that machine back in service as soon as possible. So a wipe and a re-image and bingo, the machine is back in service, with NO data lost as it is all on the server.

    Home users, typically, don't have that luxury. They don't have servers or scheduled backups. They don't have a local repository of all their downloaded security programs, applications, or even HW drivers.

    So my point is you cannot compare the needs of business clients to ALL home users because sadly, most home users are not prepared to lose all their data and all their downloaded and installed programs, email, updates and patches. Therefore, reformatting should always be a last resort.

    So blanket statements and policies do not apply here. If the user could care less about the data, applications, custom configurations, then sure, get the machine back up and running ASAP with a wipe and re-image and the boss is happy.

    But if the user is a typical home user, and needs and wants those documents, email, downloaded programs, family photos, user accounts, etc. then handing them back blank hard drive is not likely to win you a loyal customer.

    No. Once again, a (re)format does not erase the data - it only prepares the disk for data storage, and "MARKS" the space as "available". Anyone can use commonly available recovery programs to retrieve previously saved data - if it has not been over-written through normal use.

    The only way to actually destroy data is to overwrite it by re-aligning the magnetic particles into a different pattern. These "wipe" programs do not "wipe". They do not "erase". They do not "delete". They just overwrite the storage spaces a bunch of times to totally obliterate any residual magnetism.
     
  24. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Bill I think you're making assumptions on business users. I am a business user and I have all my data (99% of it) stored locally on the laptop, and then backed up to an external HD. Not all, nor perhaps not even most business users store their data on servers.

    Also, most, or at least any home users with any sense will backup any important data to external CD/DVD's or another HD if they don't want to lose it. Anything I have as a home user that I care about is on DVDs.

    I still maintain, after screwing with this stuff for decades now, that the quickest and most efficient way to go much of the time is a reformat and reinstall. After years of experience, my tolerance for wasting time trying to fix broken things is near zero. These days, give me a quick reformat any time over spending hours trying to straighten out an issue, only to find out there's no fix much of the time.

    Bottom line: Sometimes a reformat is the most intelligent and time effective way to go.
     
  25. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    You've never worked the government or corporate IT world, huh? Where one building has 100s or 1000s of PCs? And they communicate with 100s or 1000s of buildings across the state, country, or around the world? And without whom there would be no networks, or file servers, or Internet?

    I am not assuming anything, but I did base my comment on YeOldStonecats comment that he was on retainer, and his goal is to return the PC to service in the shortest time.

    And while I note many "business users" use laptops, most don't, at least not as their primary "office" computer.

    Well, there's where you show your lack of understanding. Most people (not on servers with an IT expert scheduling backups) don't back up regularly. Surely you don't suggest reality is otherwise? Common sense has nothing to do with reality. Common sense says lots of things, but that does prevent very intelligent people from ignoring it ("it won't happen to me").
    I never denied that, and as seen in my sig link, I have decades of experience too, but that means nothing, or actually proves my point - you are not "normal". You are looking at it from your side, as someone in IT, and not from the position of the "normal" user, who just expects the computer to work. I am looking at it from a typical user's point of view.

    That's true. But if it is not your data you are destroying, formatting is always a last resort. Taking the easy way out, which is exactly what "time effective way to go" means, is not always the "right" way. Even if the critical data has been backed up. And I say again, unless you have a current image file (which would make you an abnormal user, not a normal user), you will be months, or even years behind in security updates and patches as likely your OS disk will not be XPSP3 or VistaSP1 - and, show of hands, how many "normal" users have all the patches slipstreamed with their install disk? 1? 2 maybe?

    Formatting to fix a problem is the easy way out. If that's your bag, and you (and more importantly, your client) don't care about data, user configurations, or any user downloaded applications, including security programs that will now be gone too, fine. But that's not fixing the problem. And certainly nothing is learned to keep the problem from recurring.
     
Thread Status:
Not open for further replies.