modifications/edits to this are welcome - hbg
System Restore is not reliable when dealing with malware because there is the possibility that the restore itself will fail because of corruption, missing restore points, or System Restore being disabled. See here
. Malware may also affect system shutdown. Since System Restore depends on proper shutdown/restart, if the system shuts down improperly the restore would fail leaving the computer in the same condition before the restore was attempted. If the restore is successful, malware would get packed away in a system folder that virus scanners cannot clean. If you undo a restoration point, the computer would become infected again.
System Restore does not monitor files such as emails, Word documents, p2p shared folders, etcÖif a computer becomes infected through one any of these, a restore would not touch them making the restore itself useless. System Restore does not always properly remove a program from your computer. The ideal way would be to use add/remove programs from the control panel & then use System Restore if necessary. The problem is that rouge programs do not uninstall all that easily (malware writers are more clever than that) simply by using add remove. Additional removal steps are usually necessary.
You also have to consider that if any personal information such as passwords, credit card numbers, email addresses are stolen from a computer because of an infection, none of the information can be restored. You have to manually go through the process of changing your passwords, notifying credit card companies or your bank that your information was stolen, & in the event that excessive amounts of e-mailís are being sent from your computer, you would have to contact your ISP in order to prevent them from shutting down your account. Mass delivery of email, or Spam, violate your ISPís Acceptable Use Policy (AUP).
Also, if the security of a computer is lacking, or protective programs such as AVís, AntiSpyware Programs, Firewalls, etc..are not installed, System Restore would not restore a computer to a more secure state. It would probably be just a matter of time before a computer became infected again.
Restore points are automatically created every 24 hours, if your computer is always on, when installing Windows Updates & if a program uses the Windows installer for the installation. If you want to see the size of the folder, follow these instructions:
1. Click on Start
, then My Computer
2. Select Tools
, click on Folder Options
, and then select the View
3. In the Advanced Settings
option under Hidden files and folders
, select Show hidden files and folders
and clear the Hide protected operating system files
check box, then Click OK
4. Double Click on Local Disk (C:)
5. Double-click the System Volume Information
6. Right-click on the_restore directory folder
and select PropertiesDO NOT TOUCH ANYTHING IN THOSE FOLDERS!!!
Go back & redo advanced settings when you are done.
More reading available here:Windows XP System Restore GuideAll About System Restore in WinXP
(hover mouse over sub-headings for more)System Restore FAQ
(click on questions for the answers)