Security suggestions, Post 2 of 7


#1 scotty_ncc1701

  • Members
  • 520 posts

Posted 20 July 2014 - 09:16 AM

Please read post 1 of 7 first. http://www.bleepingcomputer.com/forums/t/541637/security-suggestions-post-1-of-7/#entry3426328

============
This post - Imaging Hard Drives
============

In this post, I'm going to repeat what I've said before.

When I get a new computer, I perform a "nuke and pave", and install the OS from a boxed copy of Windows.  I image the computer in stages like this:

* JUST_ACTIVATED
* JUST_ACTIVATED_WHOLE_DISK
* BASIC
* BASIC_SETTINGS
* AVAST_FW
* PDF_PTRS
* WIN_UPD_SETTINGS
* OFC_OFC_UPD
* AMP_APPS
* DEV_ENV
* DEV_ENV_FF

Each of these is a pristine image, known to have no malware or excessive garbage (e.g. *.bak, etc.).  So if something happens, I could, for instance, reapply the image "DEV_ENV_FF", knowing the image is free of malware, etc.

However, I know that many, many, many places on the Internet recommend using programs like Paragon Backup and Recovery, Macrium, Acronis, etc. to do backups, but they don't tell you what follows.

When you use programs like the ones mentioned above, you can still have malware problems.  Say for instance:

1.  You backed up (imaged with Macrium) your system on 2014_06_01, and it was clean of malware.

2.  You unknowingly got a malware infection on 2014_06_02.

3.  You backed up (imaged) your system on 2014_06_05.

4.  You backed up (imaged) your system on 2014_06_12, but because you didn't have sufficient space, you had to delete the image from step #1, to do this backup.

5.  On 2014_06_13, you realize that you have malware on your system, from #2.

6.  All existing images have the malware on them, thus:
6.1.  Doing a full image restore is worthless; you'll still have the malware.
6.2.  Depending on the malware, and the files you want to recover, you could still recover files that have been infected, thus you may never get clean using the Macrium (or the other program) images.
6.3.  Even if the file(s) you recover aren't infected, your image will still have the malware on it, and you could, at some time in the future, recover file(s) that are infected.

The above needs to be taken into account when planning your backup routine.  You (in general terms) should ALWAYS have a basic, baseline image that you know is clean, so you can use it and know your system is clean on restore.

Have a Great Day!

:bananas: :bounce:
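As an added illustration of the rotation problem described in steps 1 to 6 above (example code written for this page, not from the original post): a small Python model of a space-limited image store, run once with plain oldest-first rotation and once with the clean baseline pinned. The capacity of two images and the `baseline` flag are assumptions; the dates are the ones in the post.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List


@dataclass
class Image:
    name: str
    taken: date
    baseline: bool = False  # known-clean image that rotation must never evict


@dataclass
class ImageStore:
    capacity: int  # assumed: how many images fit on the backup drive
    images: List[Image] = field(default_factory=list)

    def add(self, img: Image) -> None:
        """Store an image; when full, evict the oldest non-baseline image."""
        if len(self.images) >= self.capacity:
            evictable = [i for i in self.images if not i.baseline]
            if not evictable:
                raise RuntimeError("store is full and every image is a protected baseline")
            self.images.remove(min(evictable, key=lambda i: i.taken))
        self.images.append(img)

    def clean_images(self, infected_since: date) -> List[Image]:
        """Only images taken strictly before the infection date are safe to restore."""
        return [i for i in self.images if i.taken < infected_since]


def run_scenario(protect_baseline: bool) -> List[str]:
    """Replay the thread's timeline; return the names of images still safe to restore."""
    store = ImageStore(capacity=2)
    store.add(Image("2014_06_01", date(2014, 6, 1), baseline=protect_baseline))
    infected = date(2014, 6, 2)  # step 2: infection nobody notices yet
    store.add(Image("2014_06_05", date(2014, 6, 5)))   # step 3
    store.add(Image("2014_06_12", date(2014, 6, 12)))  # step 4: forces an eviction
    return [i.name for i in store.clean_images(infected)]


if __name__ == "__main__":
    print("rotation only:   ", run_scenario(False))  # nothing clean survives
    print("baseline pinned: ", run_scenario(True))   # the 2014_06_01 image survives
```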
#2 Didier Stevens

  • BC Advisor
  • 2,716 posts

Posted 23 July 2014 - 06:27 PM

When I get a new computer (or a family member gets a new computer), I also install a fresh OS.

But even before I do that, I make a full disk backup with a live CD.
This allows me to restore the computer like it just came out of the factory, without ever having run the initial setup.
I want this when
1) I need to have the machine repaired
2) I want to resell the machine

For a new computer, such images are very small.

Edited by Didier Stevens, 23 July 2014 - 07:03 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 scotty_ncc1701
  • Topic Starter

  • Members
  • 520 posts

Posted 23 July 2014 - 11:26 PM

In my case, on a new PC, I have restore CD/DVDs created from the restore partition, and also purchased from the manufacturer.  After I have those, a nuke and pave is done.

Have a great day!

:bananas: :bounce: