Updatable Rescue CDs/F-Secure Rescue CD 3.11

I like F-secure's concept of an updateable rescue CD, where the basic engine is on the CD or DVD, while the signature file is updated online to USB flash.

There's just one hitch - I've never been able to get a fresh signature file, let alone save it to USB. Has anyone succeeded in this? If so, would you consider sharing your experience?

Alternatively, are there any other such hybrid rescue disks available for download - preferably ones that are easier to use than F-Secure's? I've seen last year's discussion on rescue CD's, but F-Secure's version is mentioned only in a collected volume, with no indication that it's ever been tried by any of the posters. And in any case, the version would have been superseded by the current ver. 3.11...

 

"Avira AntiVir Rescue System "is updatable.

I have recently used the rescue CD on the same day that I downloaded the ISO and burned the disc. Since the downloaded ISO was fresh, I did not attempt to use the update feature, and so I cannot comment on how well it works.

 

I have used the update feature of Avira AntiVir Rescue System on several of the PC's of my Home Network. The update feature worked fine. I haven't tried the update feature on any other Networks.

 

I have also used the update feature of the Kaspersky Rescue CD. It is essential that you update the malware definitions since the definitions on the CD ISO are several months out-of-date. The malware definitions update procedure takes quite a few minutes to complete.

 

Thanks all.

After submitting my original post, I dug up my F-Secure Rescue 311 CD and tried it one more time. This time (and for the first time in at least four attempts) it actually downloaded a sig file with a current date stamp. I didn't time it, but it too a looong time.

I saw no option to save the sig file to USB, or to anything else, and I did have a flash card inserted in a usb card reader for the purpose. The only options I recall were to scan the MBR and the various partitions listed (including the flash card).

I let it do all of them (probably rash, because it has no report only option), and it ran for almost four hours.

At the end, I had a scrollable list of files scanned, and a (thankfully) short list of files "renamed or disinfected". There was a problem there too, because long paths caused the filenames to go off-screen, and there was no way to scroll them back.

And then there was no option to save the list of disinfected or renamed files to a log. The only options were to scan again or reboot.

Not exactly satisfactory, and potentially disastrous if an essential system file got "disinfected". The fact that at the end, the program said only that it had "renamed" the suspect files confused matters further.

I only looked up one of the suspect files, and it had simply had the extension "virus" appended after the original "zip" extension. If that's all the program does to any suspect file, I guess there couldn't be any permanent damage to system files, so long as you could access and rename them. But being unable to save the sig file for future use (for instance, if you can't get online to get a new one) and being unable to save the list of corrupted files for reference seems very clumsy.

I'd prefer a less unwieldly setup, and will try the suggested alternatives, assuming they don't share these shortcomings.

 

Have gone a few more rounds with the F-secure rescue CD and got the USB flash option working.

A reading of the user guide explained why no options to save the virus database offline had appeared. It turns out that for this to work, before booting with the F-Secure CD you have to have:

1. USB media with "at least 256MB" of free space attached to the system

2. the directories "fsecure/rescuecd" in place on the USB media

The program then detects the directories, and if the space is sufficient (I tried it once with only 50MB available, and nothing got saved), writes the database files to them so that you can run a scan without going online next time. The current size of the fsecure directory is 138MB.

The time saving isn't great, if you have a reasonably fast connection. The database download itself takes only six minutes at 350KB/s, while "converting the Aquarius database files" takes four. And the latter task is also repeated when starting the scan offline.

As on previous runs, the program lets you select or deselect partitions, nothing smaller.

I ran a fairly limited scan, and three files were reported as unreadable on the results display.

This is really where having the USB save setup pays off, even if you can get online. Because the program's report window is fixed, and scrolls only vertically, long paths result in the line going off-screen, and there's no way to access the hidden portion.

But if the fsecure/rescuecd folder is set up as instructed, a reports folder is created and the scan logs are automatically saved in it after the scan.

Two Paragon Backup and Recovery archive files were reported "unreadable" (probably just as well, since their combined size is 10GB), and one small file "slaxsave.zip" was also reported as "unreadable" and a "possible compression bomb".

So, I guess the CD is reasonably functional after all. Will have to try the others suggested and see how they compare.