Updating WinXPproSP2 Install CD - nLite

Discussion in 'other software & services' started by ErikAlbert, Sep 13, 2006.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Moving the folder "Documents and Settings" doesn't move anything in the registry, but there are a lot of changes in the registry.
    If you search in your registry with "Documents and Settings" you will find a lot of "C:\Documents and Settings" and nLite changes that into "D:\Documents and Settings".

    My actual separation method works only for myself, not for other users, if I had several users at home in a network and that was bothering me constantly, although I don't need it at home. nLite is supposed to solve that problem. I only have to prove it first and I will in the near future. My problem is TIME to do it.

    For the moment, I'm only interested in two changes, regarding "nLite WinXPproSP2 Installation CD" :
    1. Hotfixes and Update patches
    2. Profiles path = "D:\Documents and Settings" (default value = "%SystemDrive%\Documents and Settings")
    All the rest is for the future, because it needs more preparation and tests.
    It's not my style to create more problems, than I already have.

    Regarding the benefits of separating your system files from your personal files :
    There have been a lot of discussions and disagreements about this amongst members. The bottom line is that it is a PERSONAL issue and the same happened regarding multi-partitioning.
    So what I'm telling now is a PERSONAL opinion and there are indeed a lot of differences between system files and personal files.

    1. I didn't create system files, other people did, but I created all my personal files or I downloaded them.
    This might be ridiculous to other people, not to me. I'm the boss over my personal files, but I have to depend on other people to change the system files, because I don't have the source programs.

    2. I don't like to lose my personal files, because I've spent a lot of time on them, but I don't mind losing my system files, because I can get them back via Installation CD's or via internet.

    3. I don't change my system files all the time, because I don't need a new software every day, but I do change my personal files every day. So I do a lot more backups of my personal files, than my system files.

    4. My system partition has always about the same volume, while the volume of my data partition increases every day. That is important if you want to calculate the size of your system partition or the total size of FDISR-snapshots. Personal files on your system partition would make that calculation very difficult.

    5. I'm also a FirstDefense-ISR user, which means I have a lot of snapshots and I need access to ALL my personal files in EACH snapshot and I would hate if I had to move my personal files from one snapshot to another snapshot.
    I hate exceptions and I like to do things always in the same way.
    I'm doing this already for more than SIX months without any problems.

    6. It simplifies my backup, because I have the SAME backup method for my system and data partition, only the source and target have different names.
    I don't need a separate procedure or even another software to backup the folder "My Documents" or the folder where my emails and email-address-book are stored. I don't have any exceptions in my backup methods.

    7. If there is one partition in my computer that has regular problems, it's my system partition, never my data partition.
    That is normal because my data partition has only personal files, while my system partition is used for all kinds of experiments with possible disasters.
    I don't care anymore if my system partition is destroyed, because my personal files are stored on ANOTHER harddisk = data partition [D:].
    I only have to restore my system partition using an image backup file and I'm back in business.

    8. Because my personal files are somewhere else, I have total freedom on my system partition without any worries to lose any of my personal files and that gives me a very good feeling.

    9. The risk of harddisk crashes is spread over 3 physical harddisks. One harddisk for system files, one harddisk for personal files and one external harddisk for backups. It's as good as impossible, that THREE harddisks will crash at the SAME TIME.

    I worked years with one harddisk and one partition [C:] with everything on it, so I know the difference. I never had any regrets regarding this separation and it makes a lot of things easier.
    Whatever people are saying, I don't want to go back in the past.

    IF nLite works like I expected :
    1. I don't have to create all my folders anymore on my harddisk [D:].
    2. I don't have to change my default folder settings anymore in each software.
    3. I don't have to move the folder "profiles" of Firefox anymore.
    4. I don't have to move the folder "profiles" of Thunderbird anymore.
    In other words everything is READY after the installation of Windows and that would be a big improvement.
    Moving the "Documents and Settings" is the very best separation you can get and that is something else than just moving the folder "My Documents" like most users do.
    If you don't believe me, unhide everything and go to your folder "Documents and Settings" and take a look in each subfolder, especially the folder "Application Data" and everything is separated by usernames. :)
     
    Last edited: Sep 28, 2006
  2. peelmanG4

    peelmanG4 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Forget what I said earlier, what I was trying to say was THAT. Well said Erik.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks peelmanG4.
    You are right. The only part of the registry in the Documents and Settings\[USERNAME]\ folder is HKEY_CURRENT_USER.
    When the current user is logged out, it appears in the Documents and Settings folder as NTUSER.DAT.

    Here is the info that I found on it:
    There is a good description of HKEY_CURRENT_USER Registry Subkeys here:
    http://support.microsoft.com/kb/310595

    It hints at an answer to the main question, but still it is unclear:
    Does this mean that ntuser.dat will store the info within the Add/Remove Programs control panel applet(all the installed programs)?
    That's great that it has all the program settings, but does it include the registry settings necessary for the installed programs to show up in Add/Remove Programs in the Control Panel?


    As for reformatting and reinstalling quite often:
    You shouldn't have to reformat/reinstall frequently. Make a nice clean install, set it up, tweak it, and make a backup image. Then when trouble arrives, just restore the backup image and you are back in business in a few minutes instead of several hours/days/weeks.
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    You are correct that it changes a lot of the settings in the registry, but the registry is composed of several files, see here (scroll down to the bottom under Windows NT platform). The consequences of splitting up the registry in this way are not quite clear yet (to me at least).
    For example...

    Let's say you move the "Documents and Settings" folder to D: and then you make a clean backup image (or a snapshot).
    Now you install a program.
    The program gets installed to C:\Program Files\program folder.
    The program's settings are stored in D:\Documents and Settings\[CURRENT USER]\Application Data\program folder.
    The program is working normally and appears in the Control Panel Add/Remove Programs.
    Suddenly you discover that the program is MALICIOUS!
    You decide you no longer want the program and you don't trust the uninstall to completely remove the program.
    So you restore the clean backup image that you previously made.
    The program folder will be gone: GOOD.
    Any changes to operating system files will be gone: GOOD.
    The program's settings will still be stored in D:\Documents and Settings\[CURRENT USER]\Application Data\program folder: BAD, but you can manually delete the folder so not a major problem.
    The remaining question is:

    Will the program still appear in the Control Panel Add/Remove Programs?
    The answer to this question will tell a lot.

    All the other ideas you mentioned sound perfectly reasonable to me. :thumb:
     
    Last edited: Sep 28, 2006
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The clean backup file did NOT contain the malicious program. So if you restore the clean backup file the malicious program isn't there because it was never installed when the clean backup file was created. So the malicious program is completely gone in your restored system partition.

    The folder Application Data will indeed contain a leftover of the malicious program, because you did NOT uninstall the malicious program via Add/Remove Programs.

    I know for a fact that the uninstaller of Firefox/Thunderbird does NOT remove what is stored in the folder "Application Data".
    So if you want to uninstall Firefox/Thunderbird forever, you have to delete all its files in the folder "Application Data" manually.

    The software "Total Uninstall" is a tool that can be used in combination with "Add/Remove Program" to uninstall an application completely and an experienced "Total Uninstall" user will even run a registry cleaner to check if everything is gone.

    An experienced FirstDefense-ISR user will always install a new software in a test snapshot.
    If the program is malicious or corrupts the snapshot, the user will boot in his rollback snapshot and remove the bad snapshot from there and that's all he needs to do.
    FDISR is a 100% uninstaller, because you simply remove the complete snapshot or you refresh the bad snapshot with a rollback snapshot to make it healthy again.
    That is ONE of the reasons why I use FirstDefense-ISR.

    So the answer is : it will NOT appear in the Add/Remove Programs, because your (bad) system partition was completely overwritten with a healthy backup file during the restoration.
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Except whatever is contained in the HKEY_CURRENT_USER(NTUSER.DAT) part of the registry.
    That part of the registry will not be completely gone when you restore the system partition because it is on the D: partition.
    So I am still not sure if there will be enough of the malicious program left in the registry to still appear in Add/Remove Programs.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sorry I'm wrong about the registry in the Data partition, I have to test this. I didn't know about these registries.
     
  8. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    The registry is composed of several files.
    All of the registry files are stored on the system partition, EXCEPT ONE.
    NTUSER.DAT is stored in Documents and Settings and will NOT be restored because it was not backed up. It is stored in the D: partition when you moved Documents and Settings.

    Note that the NTUSER.DAT file will only be visible in the Documents and Settings folder when you are logged in as a different user.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes you are right. The question is : is this severe or not ? It could be possible that Windows maintains its registry automatically, including NTUSER.DAT. I don't know much about registries.

    There is also something else to be considered.
    If I restore a system partition of two months ago, will this cause problems in my data partition ?
    If it does, I'm in trouble and this would be unacceptable for me. I can't afford that.
    Which means that I can't move the folder "Documents and Settings".

    My actual separation can't have that problem, because I didn't move any folder, created by Windows.
    So I still have "C:\Documents and Settings" on my system partition, except that it doesn't contain any personal files. So this folder has only folders and files created by softwares.

    This could be a serious problem and I don't have much experience with this separation, because I never did this before. :(
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Me neither. It may not be a serious problem, but it will be interesting to learn the answers. The potential benefits of moving the Documents and Settings folder are great.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have to think about this. I can't afford to lose my personal files and this experiment can take a long time before I know it really works or sucks. Pffft.
     
  12. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Maybe someone knowledgeable in this will have the answers to the questions so no experiment is needed.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I once read a website, where a guy claimed that it was possible and working properly.
    This guy didn't use "nLite". He changed all registries manually LOOOL.
    But it looked the same as "nLite" does. This must have been an enormous job and he even mentioned that he had done it for his friends also. :D
    Maybe it is possible, maybe not. People write so many stories on the net.
     
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I have been thinking about this and although I wanted this very much, I don't think I'm going to do it.
    At least not on MY computer, not because I don't believe it is impossible, but because I think that my actual separation is safer and more flexible.

    What is bothering me the most is that the folder "Documents and Settings" is still full of system objects and those would be also stored on "D:\Documents and Settings".
    My actual separation has only folders and files created by me, except the profile folders of Firefox and Thunderbird, but those are not Windows folders.

    In my actual separation, there is no relationship between my system partition [C:] and data partition [D:], which means that I can do what I want with my system partition [C:] and also [D:]. And I know this for sure, because I work more than 6 months this way.

    If I move "Documents and Settings" to [D:] there will be a relationship between [C:] and [D:] and I probably have to backup both at the same time to keep that relationship, which means a complete backup every day.
    I think when I restore a very old [C:], while [D:] is very young that this will cause malfunctions in [C:] and/or [D:] and I don't want that to happen.

    The bottom line is that I will continue with nLite, but NOT for moving the folder "Documents and Settings".

    For other users, who don't mind about that, I only have one advice : try it, because it's worth to try. :)
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    You are right, as Pieter Arntz explains here, there is a lot that malware has to work with in that folder.
    Once malware executes, it will infest the "Documents and Settings" folder so it can survive a reboot.
    If you happen to notice the infection, you can restore the backup image (or snapshot) to wipe out the active infection in the OS.
    But since this folder is on the D: partition, the malware will be able to survive a restore and become active again automatically after the restore!

    Here is the same situation with just My Documents and selected profiles moved to D:.

    Once malware executes, it could infect all your important documents that are in D:\My Documents as well as the OS.
    If you happen to notice the infection, you can restore the backup image (or snapshot) to wipe out the active infection in the OS.
    But the next time you access any of the infected documents (they could all be infected), the malware will again spread to the OS.
    At least by moving just My Documents and selected profiles, you will be able to scan your data for malware before opening them after you restore.

    This is unfortunate, but that's the way it is, security vs. convenience.
    The convenience of not having to individually move each program's data vs. the weakened security of allowing active malware a chance to persist and be active even after a restore.
    I don't think that is worth the risk to nullify the strong security benefit of backups.

    Right now I don't think it is a good idea to move the "Documents and Settings" folder either.

    I asked my Add/Remove Programs question in the nLite forum, but there was no definitive response yet.
    I don't think the question matters anymore when you consider the security risk.
     
    Last edited: Sep 29, 2006
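
The scenario in the post above, as an added example that is not part of the thread: after the C: image is restored, this Python script lists files under a relocated profile folder that are newer than the image and that sit in a Startup folder, are the NTUSER.DAT hive, or carry an executable extension. The function names, the extension list and the sample tree (including the user name `user1`) are assumptions made for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumed list of extensions Windows XP will run or load; adjust as needed.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".pif",
                   ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Per-user autostart folder below each profile on Windows XP.
STARTUP_TAIL = ("start menu", "programs", "startup")
# HKEY_CURRENT_USER lives in this file, including the per-user Run keys.
USER_HIVE = "ntuser.dat"


def _in_startup(parents):
    """True if the directory chain contains Start Menu/Programs/Startup."""
    return any(parents[i:i + 3] == STARTUP_TAIL
               for i in range(len(parents) - 2))


def changed_since_image(profiles_root, image_time):
    """Return sorted (reason, relative_path) pairs for risky files newer
    than the system image.

    Modification times can be forged, so an empty result is not proof
    that the profile is clean.
    """
    root = Path(profiles_root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.stat().st_mtime <= image_time:
            continue
        rel = path.relative_to(root)
        parents = tuple(part.lower() for part in rel.parts[:-1])
        if _in_startup(parents):
            reason = "startup-folder"   # runs at next logon
        elif rel.name.lower() == USER_HIVE:
            reason = "user-hive"        # HKCU was not rolled back
        elif path.suffix.lower() in EXECUTABLE_EXTS:
            reason = "executable"       # code dropped into the profile
        else:
            continue
        findings.append((reason, rel.as_posix()))
    return sorted(findings)


def build_sample(root, image_time):
    """Create a constructed profile tree for the demonstration."""
    sample = [  # (relative path, written after the image was taken?)
        ("user1/Start Menu/Programs/Startup/updater.exe", True),
        ("user1/Start Menu/Programs/Startup/desktop.ini", False),
        ("user1/NTUSER.DAT", True),
        ("user1/Application Data/program folder/helper.dll", True),
        ("user1/Application Data/program folder/settings.ini", True),
        ("user1/Application Data/Thunderbird/old.exe", False),
        ("user1/My Documents/report.doc", True),
    ]
    for rel, newer in sample:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        stamp = image_time + 3600 if newer else image_time - 3600
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    image_time = time.time() - 86400  # pretend the C: image is a day old
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, image_time)
        for reason, rel in changed_since_image(tmp, image_time):
            print(f"{reason:15} {rel}")
```

NTUSER.DAT is rewritten at every logoff, so a `user-hive` finding only means the per-user Run keys need to be reviewed, not that they are bad. Infected documents are out of scope here and still need a scanner.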
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,

    Concerning malware, I think I'm also better protected against malwares, if I keep my actual separation.
    I could be wrong, because I don't know much how all these malware work, but this is my reasoning.

    I didn't move any Windows folder from [C:] to [D:] in my actual separation.
    This means that my system partition looks the same as a system partition of a user, who didn't do a separation and keeps all his personal data on [C:]
    So I still have "C:\Documents and Settings" with all its subfolders and system files on my system partition.
    The only difference is that it doesn't contain any personal files, because these are stored on my data partition [D:] in folders created by myself.
    In other words my "C:\Documents and Settings" is EMPTY regarding personal data.
    If a malware succeeds to install itself and it has my personal files as target, it won't find anything, at least not in [C:] and my frozen snapshot removes any infection on [C:] during the next reboot.
    The only thing I'm not sure of is that malwares also know that I have another harddisk [D:], where all my personal files are stored and that [D:] isn't protected.

    To summarize this :
    1. My "C:\Documents and Settings" is empty, so there is nothing to infect.
    2. My online snapshot is frozen and removes any threat during the next reboot, including the folder "C:\Documents and Settings".
    3. I also have security softwares in my frozen snapshot that stop the execution of malwares, like Anti-Executable, Prevx1, Online Armor, System Safety Monitor. I still don't know what to use, but that is a matter of time.
    4. The folder names and structure of my harddisk [D:] doesn't look like "C:\Documents and Settings" and don't have system files.
    5. Lots of malwares target "normal" computers with one [C:], but my computer isn't normal.
    6. I don't store downloaded possible infected files from an unknown source on my [D:]

    I'm not worried about my system partition, I'm worried about my data partition.
    What can I do for my [D:] to protect it against infections ?
    Are there other methods, than just scanners ? Is hiding [D:] enough ? A write-protected [D:] ?
    In other words : what are the possibilities ?
     
  17. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    ErikAlbert
    It's not exactly protecting but AJC Active Back Up will back up multiple copies of your data files to wherever you choose so that you can retrieve a 'good' or overwrite an 'infected' data file at any time. It works continuously in the background and saves a copy whenever these files change (either for good or ill).
    I think of it a bit like FD-ISR for my data.
     
  18. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Right now it seems that moving the Documents and Settings folder is a bad idea concerning malware.
    Having a separate data partition and moving My Documents, Favorites, and selected program profiles as you have makes a lot of sense.
    It does not shield your data in any way from malware however.
    Just because your data resides on a different partition (and hard drive) makes no difference to malware.
    Once the malware is active, it can find your data and infect it.
    The locations of the My Documents and Favorites folders are instantly accessible to malware.
    Even if you don't store your data in D:\My Documents, a file infecting malware can simply search for and infect any office document (or any other file for that matter).

    Moving your data to a different partition is good, however it won't make a difference to active malware.
    It will find your data because D: is available to the operating system and so available to infection by malware.

    Maybe not your documents, but according to Pieter Arntz, there are plenty of OS files to infect.

    This is good, but if you find something online that you want, you will need to save it to your Data partition.

    Can't make a recommendation for you yet, not enough research.
    Some more questions need to be answered about Prevx1 and Online Armor.

    That's fine, but it won't matter to malware looking to infect your data. It will find your data on the D: partition.

    True, but again just because your data is on a different partition, won't protect it from malware.

    That's good, but bad things can and do sometimes happen to even the most disciplined security savvy users. That is when you need your security setup to catch your fall.

    You should be worried (concerned rather) about your system partition, because an infection allowed there can spread to your data partition.
    If you stop it from becoming active in the system partition, then the data partition will be fine.

    I don't think you can make your [D:] hard drive write protected, though I am not 100% sure.
    I don't know what you mean by hiding [D:].
    You can disable the [D:] hard drive in Device Manager so the D: partition no longer appears in My Computer.
    This should be enough to stop malware from accessing the D: partition.
    Whether malware can directly access a drive that has been disabled in Device Manager or if malware can enable the drive then access it, I don't know.
    You could disable it in your online snapshot and enable it in your offline snapshot.
    NOTE: You do NOT uninstall the drive. You only disable it.
    Your two hard drives will look identical in Device Manager.
    You will be able to tell the difference because only the D: drive will have the Disable option.
    Your C: system drive will only have the uninstall option.
    You access Device Manager from Control Panel/System/Hardware Tab/Device Manager button.
    Click the little plus next to Disk drives.
    Right click the top listed drive. A pop up menu appears. If it shows the option Disable, then that is the [D:] drive.
    This may sound good, and does provide a degree of isolation between the online and offline snapshot, but what if you want to keep a download?
    You will have to save it to external media (floppy, CD, DVD, USB Flash drive, or your external backup HD).
     
    Last edited: Sep 30, 2006
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Devinco,
    Thanks a lot for the answers. I have to think about this ...
     
  20. peelmanG4

    peelmanG4 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    I guess I should find it scary then, that I can go look at mine...

    To the reply of having a 'snapshot image' and just restoring that when things go bad vs restoring Windows, I have a problem with that: software changes too rapidly for me. Sure, there is a set of software like Office, that can be installed and forgotten on an image. But there are things like system drivers, that I install BEFORE I do anything else, that I want to be able to update and put in place at every install. Same goes for most of my software that I use, I tend to shy away from programs that aren't in active development. A second problem I have is that I don't want to be locked into an image. NO matter how basic or detailed, very few of my systems receive the same setup in the end, and the fact that my reasons for formatting can range from a system plagued by a sluggish Windows interface, a poorly done system hack by me, the need to start fresh either in the interest of drive space or programs installed.

    As far as problems restoring an account etc., I stand by the thought that Windows (especially XP) is built to do this. Windows is built to be a domain client with roaming, remote profiles. A properly configured client can use the data supplied by a different client, with potentially different software sets, hardware configurations, etc. It will use what applies to it and ignore the rest. What I'm wanting to test further, and will do so in VMWare in the coming week or two, is whether or not when I reformat, reinstall, and recreate the user accounts, how Windows handles picking up the existing data from the D:\ partition (I renamed my folder D:\Users instead of D:\Documents and Settings, call me rebellious). From my experience with network home dirs this process should be painless, but I have a lingering feeling that it will be painful, and I don't see that being put at ease until my tests are done.

    And as far as Malware, if this was my mother's or my brother's system I would agree. A more typical separation is needed, but then again, I'm moving my family and everybody else I know who will listen away from Windows and towards Macs because the simplicity found in Unix is quite enjoyable. As for my system, Malware is not high on my list of concerns. I run a clean ship with what I consider very good countermeasures. My systems are firewalled multiple times, I have enterprise-class AV software, and I'm intelligent about my internet habits. Anybody advanced enough to be playing with nLite should have a good personal security policy in place on his or her machines to start with, and should know what to look for and what to avoid when it comes to malware. Don't install applications that you don't know as being good and reputable. I've been on the internet since before it was popular, I've had web servers with exploited scripts, SQL Injection attacks, one personal attempt to infect my machine (a former friend who was pissed and emailed me a virus while IMing me telling me it was something else) but I've never had a problem with malware or other trojans (with that one exception), and I don't intend to start now. The closest thing to a virus my machine has had in the last 5 years has been Google Desktop.

    And back to that, a good Malware scanner will more than likely pick up infected documents. Running it from a BartPE disc or something similar would solve that particular limitation you're seeing.

    As far as Add/Remove programs, that is a system wide group of settings. Individual users cannot install software to "only" their accounts (Macs finally got that smart, but Windows still uses the old model of one system, one user. Having multiple accounts is just a long term hack until they get with the program.)

    The list of installed programs will be retained within the SYSTEM Registry, and not with the user's registry. I will verify this in my testing for you if you wish, but there is no reason nor want for Add/Remove Programs to be stored in a User's profile.

    As far as Erik's 'actual separation' and data preservation by saving his DOCUMENTS elsewhere, you're losing a lot of user data. You're apparently not an Outlook user. I have hundreds of megs of email cached from Exchange stored in my data partition, as well as other accounts, mail archives, etc. Not to mention personal configuration settings and data for every app on my system, all stored in either /~/Local Settings/Application Data or /~/Application Data/. This is what I'm trying to get around. I'm sick of having to go into the dozens of applications I use individually, and restore my preferences, settings, log files, user data, what have you. Having to install them each is a pain (which nLite reduces somewhat by allowing me to include tons pre-installed), let alone reconfiguring them.

    Devon, the more I read the more I think you have some serious issues with Malware that you need to address. You seem very paranoid of being infected.

    This depends on your perspective. Yes, if you proactively protect your system partition your data partition will take care of itself. However if your concern is like mine, and isn't focused on a system becoming corrupted, but rather the rapid reinstall/reconfiguration of a system, the concern about data preservation across system-level changes can be very real.


    My current worries that I haven't already outlined above include the bloating of my profile as a result of not getting regularly cleaned (except for the manual cleanings I would do whenever I felt it necessary).

    This is being overly paranoid, IMHO. Doing this would also prevent access to your data, and when you're trying to access your data would be the same time that malware would try to access it. Sure this protects it, in the same way that unplugging your computer from any network would also protect it. It would also make it nearly useless in today's connected world.

    Another 14 days and I'll be able to do some more testing and have some better answers for you guys.
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You are right, I don't use MS Outlook, I use Mozilla Thunderbird.
    I cut/pasted the folder "profiles" of Thunderbird
    from "C:\Documents and Settings\Erik/Application Data/Thunderbird"
    to "D:\My Mozilla\Thunderbird"
    and I changed the file "profiles.ini" to establish the link between [C:] and [D:].
    After that all my emails and email-address-books are stored on [D:]
    I'm doing this already 6 months without problems and Mozilla describes this separation on one of their webpages.
    I did the same thing for Mozilla Firefox, because both have the same folder structure.
    I did already several upgrades of Thunderbird/Firefox without disturbing this separation.

    You say "you're losing a lot of user data". I don't lose any data. Where would I lose any data ?
    If I store .doc-files (MS Word) or .xls-files (MS Excel) on [C:] or [D:], that doesn't make any difference for "MS Office 2000 Pro".
    And of course most software settings are stored on [C:], that's why I have image backup to restore these settings.
    I have my settings printed on paper of each important software, in case I have to install from scratch.

    A 100% separation is IMPOSSIBLE, because Windows and most softwares are not designed to make a 100% separation possible, although it's possible in theory.
    A good application analyst always separates software programs from user data in an application, but not all application analysts are smart enough to do this in practice. I've seen enough examples of this in my job and on internet.

    Most recent software provides a default folder setting, where user data can be stored in another partition/folder.
    If Thunderbird had provided this default folder setting, I wouldn't have to move the folder "profiles" from [C:] to [D:]. Unfortunately, Thunderbird (and Firefox) didn't do this and that was a big mistake.
    Some software even stores software programs and user data in the SAME folder under "Program Files" of Windows and that is the most stupid ERROR you can make in an application design. I avoid such software.
    Of course most users don't notice this, how would they know?

    Personally, I make a difference between my personal files and all the rest.
    Losing my personal files is a disaster and that's why I stored them on another partition, far away from [C:], which I consider as a "dangerous" area, if you have an internet connection.
    Losing a software setting isn't a disaster for me.

    So all my hard work is stored on my data partition [D:] and what happens on [C:] doesn't matter, because it contains only winXPproSP2 and applications, that can be restored either via backup or archived snapshots or manually.
    I don't even care anymore, if something serious happens on [C:], because my personal files are somewhere else.

    Another good reason for separating user data is when you use FirstDefense-ISR. Each snapshot has its own "Documents and Settings" folder and I want access to all my data in each snapshot and keep all data in the same place.
    Multi-partitioning is also a good reason to separate user data. If I had two or three different OSes, it would be convenient to get access to all my data in each OS, like win2000pro, winXPproSP2 and winXPproSP2-64-bit.
     
    Last edited: Oct 4, 2006
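
An added illustration of the profiles.ini relocation described in the post above (not code from the thread or from Mozilla): it parses a profiles.ini and reports whether each mail profile still resolves to the system drive. The sample file content, the profile folder names and the function name `audit_profiles` are constructed for this example; the two directory paths are the ones named in the post.

```python
import configparser
import ntpath

# Constructed sample: profiles.ini after one profile folder was moved to D:.
# The folder names "abcd1234.default" and "wxyz9876.test" are made up.
SAMPLE_PROFILES_INI = """\
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=0
Path=D:\\My Mozilla\\Thunderbird\\Profiles\\abcd1234.default

[Profile1]
Name=test
IsRelative=1
Path=Profiles/wxyz9876.test
"""

# Folder that holds profiles.ini, as given in the post.
APPDATA_DIR = r"C:\Documents and Settings\Erik\Application Data\Thunderbird"


def audit_profiles(ini_text, appdata_dir, system_drive="C:"):
    """Return (name, resolved_path, on_system_drive) for every profile section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case as written in the file
    parser.read_string(ini_text)
    results = []
    for section in parser.sections():
        if not section.startswith("Profile"):
            continue
        raw = parser.get(section, "Path")
        if parser.get(section, "IsRelative", fallback="1") == "1":
            # Relative paths are resolved against the folder containing profiles.ini.
            resolved = ntpath.normpath(ntpath.join(appdata_dir, raw.replace("/", "\\")))
        else:
            resolved = ntpath.normpath(raw)
        drive = ntpath.splitdrive(resolved)[0].upper()
        results.append((parser.get(section, "Name"), resolved, drive == system_drive.upper()))
    return results


if __name__ == "__main__":
    for name, path, on_c in audit_profiles(SAMPLE_PROFILES_INI, APPDATA_DIR):
        print(f"{name:8} {'STILL ON SYSTEM DRIVE' if on_c else 'relocated'}  {path}")
```

A profile flagged as still on the system drive would be lost with [C:] on a reinstall unless it is covered by a backup image.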
  22. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you for pointing this out. You are correct, NTUSER.DAT is visible in the Documents and Settings\[CURRENT USER] folder when you are logged in.

    There is nothing wrong with doing a clean install once in a while, but an nLite CD will only get you so far.
    Making backup images of the OS was a suggestion to help you save time. If you don't want to use the time saving benefits of backup images, that's fine with me.

    Interesting test. Will Windows overwrite the Documents and Settings folder data with new blank data?

    Why do you feel the need to firewall your systems multiple times?
    Don't you trust the first firewall to do the job? How about the second? The third?

    A BartPE disc with malware scanner is unnecessary when you can simply restore a clean backup image of the OS and then scan the infected documents. It will be much faster when running from the hard drive than from CD.
    In your case, since you do move the Documents and Settings and don't make OS backup images, it is very important to scan with an up to date malware scanner on BartPE disc before you reinstall. Otherwise, an infection in Documents and Settings may persist after you reinstall.

    Counter that with not moving the documents and settings folder (just select profiles and My Documents) and using backup images.
    Simply restore, the active infection is gone and your system is back to its ideal settings. Easy.
    Then you can scan your documents within Windows.

    If you are using an admin account, then you can "Install for the current user only".
    This info will then be stored in NTUSER.DAT (HKEY_CURRENT_USER). This was posted here and elsewhere.

    Yes please test it. The programs under test should be "Installed for the current user only" in order to see where these settings are stored.

    Even if you do use Outlook, you can move the email database easily.
    A backup image can solve the problem here again. Get your system just how you like it, move profiles, tweak it, etc., backup, and you are done. You won't have to bother with it again on that system.

    It's Devinco, for some reason people have trouble typing my username.

    This is a security forum. We discuss security issues here including malware and the ways to protect against it.

    I'm not paranoid, it's just that everyone is out to get me. ;)

    That is the trade off:
    Move Documents and Settings and your reinstalls will be easier. But you create a safe place for malware to persist and become active automatically across reinstalls. You counter this security weakness by scanning the Documents and Settings folder with a malware scanner on a BartPE CD.
    That is fine too. It is a good idea if you want to go that route.
    Right now, I'll stay with moving selected profiles and documents. Maybe I'll try moving Documents and Settings in the future.

    You are missing the whole context of the answer.
    When a friend asks you a question about something that you think is unnecessary, you can...
    A. Call them paranoid. If your goal is for the friend to not ask your help in the future, then go ahead.
    B. Answer their question in a helpful way that they can learn for themselves what is best for them.
    Erik is set in having an offline and online snapshot.
    I may disagree with that, but there are many different ways to computer security.
    By withholding the answer to the question, nothing is gained.

    I look forward to the results.
     
  23. peelmanG4

    peelmanG4 Registered Member

    Joined:
    Sep 27, 2006
    Posts:
    6
    Since this is a security forum I'm sure that you realize the first rule of security is layers. The more layers you have, and the more varied, the harder a system will be to attack. So in fact, no, I do not trust any one layer to the security of my system(s). Doing so is foolish and asking for trouble.

    No... I simply stop the malware at the front door and don't let it attack my system in the first place. I use BartPE and a variety of scanners to fix computers owned by those foolish enough to become infected (my brother being at the top of the list...).

    I still don't understand the whole bout with malware. Is it truly that hard to spot and counter?

    And I'm not trying to be brash with the paranoia comments, I was merely offering a counterpoint to your suggestions. Yes, unmounting the disk WOULD prevent malware from accessing the disk. It's also going to stop the USER from accessing the disk, which doesn't do much for data access.

    BTW, just for a bit of clarity, I am already doing 'actual' separation, with my documents folder being located on a separate physical drive (E:\) and backed up to a 2nd physical drive in a separate box on a separate OS.

    Erik, you say you've got the profiles for the Mozilla apps moved, wonderful. Those are the only two applications you use then?
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No, I mainly use "MS Word" and "MS Excel", Notepad, Adobe Reader, Snagit and I'm planning
    to use software for editing recorded movies, but that is for the future. First things first.
    I also use nLite, PerfectDisk, Acronis True Image Home, FirstDefense-ISR, CCleaner, Look 'n' Stop, Prevx1, ...

    Since I have my new computer, I'm a little more choosy and I spend more time on investigating software,
    before I use it permanently.
    I have 8 bootable snapshots to test software separately or in combination, that's more than enough
    and I can create an unlimited number of archived snapshots that can be restored as bootable snapshots.
    I have 2 internal harddisks and one external harddisk, so I can do what I want on this computer.

    My dream was of course to move the entire folder "Documents and Settings" from [C:] to [D:],
    but I'm not convinced anymore that it is a good idea.
    My actual separation is mainly based on :
    - moving folders of Firefox/Thunderbird, which are the only exceptions I made
    - changing the default folder setting in other software.
    But I didn't move any Windows folder to keep winXPproSP2 stable.
    So my system partition is exactly the same as a normal [C:], except that it doesn't contain personal files.
    Of course such a separation isn't good if you have several users on ONE computer and that's a pity, not in my case, but for other people I know.

    My [C:] is well protected, but my [D:] isn't protected at all and it's my intention to protect my [D:] via [C:], if possible of course. I have to think about this.
    One thing I know for sure: I don't want 30+ security programs on my computer. That is IMO absurd. :)
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Guys

    Moving all the Documents and settings stuff may be a fun exercise, but I don't see it vital to either security and/or backup issues.

    If you take reasonable security precautions, and have a good backup/image plan in place you won't have any problems. I've been running with one partition, and everything data and all in it, and I've had zero problems because of it.

    Pete
     