This is a discussion on Let's kill Rollback Rx!.... within the RollBack Rx forums, part of the Disaster Recovery Programs category.
Question? What is Rollback's weakest point? What would kill it?

One "should" be able to:
1) Take a snapshot
2) Go out on the web, purposely infect PC with the nastiest, most vile combination of malware/virus code on the planet, leaving our PC a weeping piece of burned-out silicon (Blue screen of death or worse!)
3) "Rollback" to our safe snapshot (from the HOME key at this point)
4) Enjoy the rest of day, because our PC is "back in action"......as if nothing bad happened at all!

My (un-professional) guess, is that a hacker would attack:
- Rollback's booting (engagement) process?
- Rollback's "time" libraries?

There have been a few posts regarding that while "time travel" was possible, the destination was "scrambled" and out of control.

PS. The goal here is to solidify and see Rollback Rx improve. I really like this product. It bothers me that my friends/family tell me "...never heard of it....."

tubby

Last edited by tubby; 11-02-2010 at 04:53 PM.
The question is why would they waste their time to attack RB Rx specifically? Don't see much point. It does not stop them from attacking the computer in the first place. Locking horns with an active defense system such as an Internet Suite would IMHO be of more interest to a hacker.
Tub, I think you're asking the wrong question. Let's look back a bit. From the days of the Morris worm, forward, trojans/malware/worms/etc. started out as ego trips for budding computer scientists and occasionally from one of those but with a real malware motive of trying to hurt someone.

But take a good look now at what you see out there... "the nastiest, most vile combination of malware/virus code on the planet" is not out to hurt your PC anymore. Why... 'cause the driving force of today's malware is *PROFIT*, not ego. You can't make any money by trashing people's PCs. You can only make that money by making sure you don't upset those very same PCs, since you need to use those very same resources to further your scheme (which is not ruling the world, it's making millions of dollars). If I was a spammer, why would I ever want you to even notice that I'd like to use your machine to further my motives?

Even that stupid Windows Security Virus was implemented in a very dumb way. How do they ever expect to make a dime on that scheme by locking up the PC and not allowing its owner to even deal with it? You think people don't talk/email/blog whatever anymore? It's a really bad "for profit" implementation of an attempted money making scheme.

So I guess what I'm saying is what you describe is not really the threat we need to protect ourselves against. We need to further the teachings of "the street" to as many users as we can. As far as the perfectly protected system is concerned, Rollback with a good MBRguard component built in and the ability to watch ALL of the disk, not just what's used by Windows, would go a long way to protecting any system from within the Windows environment. Outside of Windows, it's a pure crap shoot.
I have been known to suggest an occasional "un-practical" situation (ask my wife/friends!)

You are correct of course in that profit/money are and have always been the typical motive. My point is that Rollback Rx does break sometimes. I myself, find myself re-installing Rollback probably 2 times a year. I do not know why Rollback "breaks" for me about twice/year..........it just does. Perhaps it's not even Rollback "itself failing". I don't know.

I like Rollback. It bugs me to hear stories of folks with problems with the program, regardless of what triggered the technical issue. I am interested in whatever "triggers" the issue. Regardless of anyone's motive.

tubby
Two posts jumped in while I was composing, but never mind...

I know there are some adverse opinions to mine out there, but here's my take (for what it's worth):

Firstly, even in the very earliest days of computer viruses it was a common means of infection for a virus to take over the boot sectors of a floppy disc, and then if somebody left an infected disc in the drive by mistake and the PC got turned on and booted from the floppy... bingo. Granted that was then and this is now, but being as the boot record is the opportunity for a virus to gain control before the OS kicks in, I would be surprised if there was nothing out there exploiting it.

Then there is the file system itself. RBRx relies on having an accurate record of sectors (or, more accurately, clusters) that are in use by the OS (and all things mediated by the OS). It does that by hooking in to the file system calls and creating a virtual file system - the OS and apps see what they expect to see, but what happens under the bonnet is somewhat different. Now, I'm slightly out on a limb here because I'm not sure whether RBRx tracks the state of the current file system - it could just preserve the snapshots and let the OS do its thing until you take another snapshot and then it would create a record of the current state from the file allocation tables - but whichever way it does it, it still has to make sure the preserved sectors do not get overwritten by the OS thinking they're free for use.

However, any disc activity that bypasses the OS file operations could mean that RBRx's database of snapshots no longer reflects the actuality... and what do viruses do to avoid detection? - that's right, they bypass the OS and access the disc directly. Some legitimate apps do that too, notably defraggers, which is why you can't run a defragger on an RBRx-protected drive. Root kits, for example, hide themselves by taking over disc access from the OS and only show the OS and apps what they expect to see (now where did I hear this before...).

These are not attacks on RBRx, they are attacks on the file system and RBRx gets caught in the cross-fire.

What does this add up to? What it adds up to for me is that there are all manner of nasties and legitimate programs out there which can subvert the action of RBRx. RBRx users can make sure they don't use the legitimate apps (or use them in a controlled manner), but if malware strikes there is a chance it will trash the system.

I think you are being too hard on RBRx to expect it to recover from malware. Firewalls set up a defensive perimeter, AV programs are the hunter-killers. RBRx does something different and I (for one) wouldn't want it to be a jack of all trades. RBRx provides an instant uninstall when you decide that program you wanted to try was a mistake, or when an installation trashed your registry, or when two apps don't play nicely together, or when a driver breaks. Really it's just a quick and easy (and clever) way of keeping a series of images of the OS partition - but with the compromise that the images are kept on the same partition and therefore are prone to being eggs in the same basket if the basket hits the deck. That's why there has been much talk of partition imaging (I must get around to doing mine :sigh: ).

But all is not lost. I am ready to accept that MOST infections do not subvert the file system, and as long as all they do is add a few executables here and there or corrupt other files, then as long as the corruptions do not prevent the RBRx boot console running it will be possible to wind back to a previous snapshot and then set about rescuing any essential files from the new (automatic) snapshot. You would of course have to be careful not to rescue any infected files!
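A toy model of the failure mode described in the post above, added here as an illustration and not taken from the thread or from Rollback Rx: a snapshot filter that only sees hooked writes cannot protect its preserved sectors from direct disk access, but it can detect the damage if it hashed those sectors when the snapshot was taken. `ToyDisk`, `SnapshotGuard` and the redirect-on-write scheme are assumptions made for the example, not a description of how the product works internally.

```python
import hashlib

SECTOR = 512  # bytes per sector in this toy model

class ToyDisk:
    """In-memory disk. raw_write() stands for access that bypasses the filter."""
    def __init__(self, count):
        self.sectors = [bytes(SECTOR) for _ in range(count)]

    def raw_write(self, lba, data):
        self.sectors[lba] = data.ljust(SECTOR, b"\0")[:SECTOR]

class SnapshotGuard:
    """Hypothetical redirect-on-write filter holding one snapshot."""
    def __init__(self, disk, in_use):
        self.disk = disk
        self.remap = {}  # logical sector -> physical sector with post-snapshot data
        # Hash every sector the snapshot depends on so tampering is detectable.
        self.preserved = {s: self._digest(s) for s in in_use}

    def _digest(self, lba):
        return hashlib.sha256(self.disk.sectors[lba]).digest()

    def write(self, lba, data):
        # Hooked write: preserved sectors are never touched, data goes elsewhere.
        if lba not in self.remap:
            used = set(self.preserved) | set(self.remap.values())
            self.remap[lba] = next(
                i for i in range(len(self.disk.sectors)) if i not in used)
        self.disk.raw_write(self.remap[lba], data)

    def read(self, lba):
        return self.disk.sectors[self.remap.get(lba, lba)]

    def verify(self):
        """Preserved sectors whose content no longer matches the snapshot."""
        return sorted(s for s, d in self.preserved.items() if self._digest(s) != d)

    def rollback(self):
        damaged = self.verify()
        if damaged:
            raise RuntimeError(f"snapshot sectors changed outside the filter: {damaged}")
        self.remap.clear()  # drop redirected data, the snapshot view returns

def demo():
    disk = ToyDisk(8)
    for lba, text in enumerate([b"boot", b"kernel", b"registry"]):
        disk.raw_write(lba, text)        # constructed baseline content
    guard = SnapshotGuard(disk, in_use=[0, 1, 2])
    guard.write(2, b"registry-v2")       # normal write through the filter
    before = guard.verify()
    disk.raw_write(1, b"overwritten")    # direct access the filter never sees
    return before, guard.verify()
```

In the model, `rollback()` refuses to restore once `verify()` reports a changed sector, which is the point at which an off-disk image becomes the only trustworthy copy.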
Gentlemen,

Thank you for your thoughts and insight on the malware vs. Rollback issue! I want Rollback to only get better, stronger and more popular! (Any software program that allows me to go to bed at a decent hour, instead of staying up 'til 1:30AM to "un-tangle" some "God-forsaken unholy mess" my wife/kids dragged into the family PC is "Tops" in my book!)

I re-visited Horizon's video (advertisement) to see for myself if perhaps I was being too hard on Rollback Rx. (I have, in the past, forwarded the video to several co-workers and friends in hopes they might buy the product.) After all........the whole world would benefit from "smoother computing"!!!

To me, Horizon's ads more than "imply" any and all repair to the ones and zeroes on the hard drive. Windows environment or not. Horizon is very fair about reminding folks Rollback can not protect against hardware issues. However, Horizon's ads/claims regarding recovery from ANY malware might not sit very well with folks irritated by a crashed system.

-It's all just ones and zeroes isn't it? (I know nexstar claims the ones and zeroes have "attitude" also!)

tubby
Tubby, you seem to be stating as a fact that RB is unable to protect against malware when I'm not sure that is true. Have you experience of this? In the years I have used RB, I have never fallen foul of malware that couldn't be recovered. In normal use, RB doesn't actually stop you getting malware of course. The system can get infected but there will always (hopefully!) be a snapshot to revert to prior to the infection taking place.

I also understand that your main thrust is how RB protects itself from attack. My actual experience from the SafeSys thread is that it does. However, I am not foolish enough to imagine that it is necessarily bullet-proof and there isn't some sort of exploit out there which could trip it up. That's why I and many others create images which protect against extreme hardware and software failure. I just think that a RB system is probably at much greater risk from user error than it is from malware.

As for the 'attitude', yesterday, I uninstalled Comodo Time Machine from the only one of my PCs which was still running it. Simply to do some maintenance, there was nothing obviously wrong with the system. When the PC rebooted and started to go through the uninstall process, I got error after error popping up on screen from CTM. I'd never seen this with RB and things were obviously not good. I manually rebooted because it wasn't getting anywhere and the system just hung. I tried many things but it looked like the partition table had been corrupted so I restored with a previous image. It feels sometimes like the ones and zeros know when to bite! There was no malware involved, I'd just been hit by some dodgy software. But you have to be somewhat pragmatic about these things because they will happen at some point for whatever reason and you just have to try and be one step ahead.

Graham
Sorry, I did not mean to imply Rollback cannot survive certain "hits" by malware.

I have no evidence. In my half-dozen times (over the course of 3 years) I have un-installed/re-installed Rollback, I did not think malware was at play. My personal symptoms did not appear malware related. In fact, since I installed ver 9.1 (Vista) I have had no issues with Rollback at all!

After reading several posts on this forum, I was curious about malware vs. Rollback Rx. Perhaps I could have chosen a better banner than "Let's kill Rollback Rx".

I do not know why sometimes Rollback does not bring a PC back to a time when all was well. It may very well not be the software. Could be hardware and/or sunspots turning a critical one into a zero, or zero into a one for all I know!

I would like to see Horizon continue to develop Rollback Rx until Bill Gates and the boys "beg" Horizon to sell it to them!

tubby
Quote:
Quote:
I stand by what I have said before: RBRx will save you from "oops" moments and meddlesome kids, and it might save you from malware - but you can't be sure of it and you still need off-line backups and/or firewall and AV. That, in my opinion, would be a disaster.