dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3299

fonzbear2000
Premium Member
join:2005-08-09
Saint Paul, MN

fonzbear2000

Premium Member

If this is true, Rollback Rx could be the ultimate anti-virus

According to a friend of mine, no matter how bad of a virus he gets, if he uses Rollback Rx and puts his computer back before he got the virus, he will be COMPLETELY rid of the virus and ALL traces of it. Can anyone confirm if that is true? And if so, it should be very highly promoted as the ultimate anti-virus program.

Snowy
Lock him up!!!
Premium Member
join:2003-04-05
Kailua, HI

3 recommendations

Snowy

Premium Member

There are many apps that will roll back a system to a former point in time.
The late site member dadkins See Profile was fearless due to the system rollback he had in place in 2009.
As nice as it is, it can only bring the OS back though.
e.g.,
If it were a password stealing trojan your Identity theft issues caused by the malcode would remain untouched.
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

4 recommendations

BlitzenZeus to fonzbear2000

Premium Member

to fonzbear2000
Restoring to a previous point is not being pro-active about security, and not preventing problems in the first place.

mackey
Premium Member
join:2007-08-20

1 recommendation

mackey to fonzbear2000

Premium Member

to fonzbear2000
Yes. And it will also get rid of any (new or changes to) documents, pictures, programs, etc as well.

/M

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

2 recommendations

Blackbird to fonzbear2000

Premium Member

to fonzbear2000
In the final analysis, one can completely rid themselves of a computer virus by buying a brand new computer of the same model and OS and starting all over again. All roll-back schemes are rather similar to that, but of a shorter step... all are based simply on "starting over" from some initial point. How much is "started over" and from what point in time are the only conceptual differences in roll-back schemes.

But as Snowy See Profile observes, no roll-back scheme alone will do anything to control the amount of personal data exported from your computer by malware from the time it first became infected until it's rolled back. Another issue is that many viruses don't exactly announce their initial presence with trumpet fanfares... they quietly do their dirty deeds until somehow a hint of their presence bubbles to the top and they (or their effects) are discovered, leaving the user in something of a quandary about where to roll back to.

Roll-back schemes lie more in the category of recovery tools than antivirus tools.
85160670 (banned)
"If U know neither the enemy nor yoursel
join:2013-09-17
Edmonton, AB

1 recommendation

85160670 (banned) to BlitzenZeus

Member

to BlitzenZeus
Right on target ...... PRO active prevention is better than a cure

norwegian
Premium Member
join:2005-02-15
Outback

1 recommendation

norwegian to fonzbear2000

Premium Member

to fonzbear2000
This isn't that different to tools like Deep Freeze etc that restores the system to a set position.
Even Sandboxie for the Internet browser can be looked at in this category.

As others have pointed out:
No they are not nor the tool you mention an anti virus solution.
It won't stop an exploit or infection from extracting/uploading personal data during a live Internet session.

I would add it is advantageous to looking at adding to your system and its tools and utilities for protection and defense though, both generally and for security for long term needs.
A fresh install of the O/S and a bunch of lost software keys for your favorite software isn't fun when starting from scratch..
A rollback may be a safer option, however, just looking at a back up image from a clean system is just as good an option for recovery, cheaper and more reliable due to no third party tool such as the one you ask of possibly being hit with an exploit itself and the backup points then do not become accessible for one reason or another.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to fonzbear2000

Premium Member

to fonzbear2000
Why would you need a paid program for that? Use Restore Point Creator (which, particularly on Windows 8, makes it very easy to make restore points and access them when needed). It's free software created by a member here and is excellent...much better than System Restore in any version of Windows as it builds on System Restore and makes it better and easier to use.

»www.toms-world.org/blog/ ··· _creator
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

2 recommendations

BlitzenZeus

Premium Member

System restore is completely useless, I know malware can survive it when restored to an earlier date before it was on the system.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Well then Rollback RX is useless also as it is just a paid system restore method.

As for malware possibly surviving system restore sure that can happen but not likely and if it just amounts to a folder with a file that has virus in it you can just delete it. Malware can survive a deep wiping and reinstallation of the OS so nothing is perfect.

I agree with your earlier post that the OP would be much better off practicing safe hex and having strong security in place rather than thinking he/she can surf recklessly because they can just use Rollback RX WHEN NOT IF they get in trouble.

HA Nut
Premium Member
join:2004-05-13
USA

1 recommendation

HA Nut to fonzbear2000

Premium Member

to fonzbear2000
Like all things in PC security, one user's experience is not the only perspective/understanding of things.

Apparently Rollback RX cannot prevent all infections. One user's experience... »www.wilderssecurity.com/ ··· tcount=5

Beyond that, it's my understanding that Rollback RX messes with the master boot record. Something that can have serious consequences for some setups. (This is a key reason I've never considered programs like this.)
psloss
Premium Member
join:2002-02-24

1 recommendation

psloss to fonzbear2000

Premium Member

to fonzbear2000
This is another sandbox, there are lots of different types. Sandboxes don't prevent anything from happening, they just isolate it. That's great for system maintenance, but mostly speculative for other threats like identify theft.

As Snowy wrote in the first reply, you still have to be careful about what you do and how you do it. It doesn't matter where or when your identity is stolen; even inside a sandbox, anyone can figuratively expose themselves. Or literally.

mmainprize
join:2001-12-06
Houghton Lake, MI

2 recommendations

mmainprize to fonzbear2000

Member

to fonzbear2000
Many good points have been posted above why it is not good practice to think Rollback or other restore points could be used for an AV / Malware protection.

Many people don't even know when they have been infected, so if you don't know something is wrong then you don't rollback and let the infection do its work. Once you figure out you have a problem the damage could already be done. Then you must hope you have an old enough restore point.

So as always a good backup system would work also as if you have a backup you don't need the rollback software.

DownTheShore
Pray for Ukraine
Premium Member
join:2003-12-02
Beautiful NJ

2 recommendations

DownTheShore

Premium Member

" Then you must hope you have an old enough restore point."

And, that when you try to go back to that point, the system will actually be restored to it. A lot of times I've found that trying to go back to the earliest restore point retained fails.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

siljaline to BlitzenZeus

Premium Member

to BlitzenZeus
said by BlitzenZeus:

System restore is completely useless, I know malware can survive it when restored to an earlier date before it was on the system.

Malware generally always infests the SR archive first so SR is expunged as a measure of security. TheJoker See Profile ; LoPhatPhuud See Profile others would profess to that.

SR has it's uses although it shouldn't be used every time one makes a small installation error.

Just my .02

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

sivran to Mele20

Premium Member

to Mele20
Rollback Rx is more than just system restore.

Cthen
Premium Member
join:2004-08-01
Detroit, MI

Cthen to fonzbear2000

Premium Member

to fonzbear2000
I thought this was built into Windows already.

It's not as fancy looking but does restore a machine to a previous restore point. Either way, yes this can be an effective way to get rid of a virus/malware. Though in most cases, this can be more time consuming than having a decent antivirus installed to remove it or prevent from getting it in the first place. Like others have said, who knows what information may have got out before discovering that it was even there.

Also keep in mind that there has been malware released in the past that will attack restore points. After all, it's just data saved on an hdd. It only makes sense for an author to attack it and keep the malware on the system for a while longer.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay to sivran

MVM

to sivran
»www.youtube.com/watch?fe ··· 920i3c5s

It's a replacement for what Symantec used to have.

mmainprize
join:2001-12-06
Houghton Lake, MI

mmainprize

Member

Yes the old "Go Back" software. These are like Acronis "Try and Decide".
These are all like sandboxes so you can go back if you screw up.

They all have problems with old snapshots. Say you make a snapshot each week. Then you restore a snapshot from 2 months ago. All work you have done in that time is lost.
Rollback has the feature to take a new snapshot to get your current files back once the old snapshot was restored, but that is a Pain, the older the snapshot is, and it may not work in all cases. Like if you got crypto-locker the snapshot after the locking is no good to recover files from. You could also restore the malware if not careful.

Any installed software during the lost two months would have to be installed again and updates also. So the older the snapshot the more work to try and get back to normal.

I guess Rollback is like a backup software but it don't need multiple TB's of storage to backup your data, it only needs the size of a snapshot.

stuckblack
@comcast.net

stuckblack to fonzbear2000

Anon

to fonzbear2000
some of the common modern viruses make the computer stuck, just showing a black screen or a virus screen, with the keyboard and the mouse no longer working. to get out, you uplug the power. but the stuck screen just reappears.

so you cant get to windows again to do the system restore.

one common solution then is just to reinstall windows, but then you lose your preferences and settings,
and the virus can still come back anyway, if it got into your files or other drive.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to DownTheShore

Premium Member

to DownTheShore
said by DownTheShore:

A lot of times I've found that trying to go back to the earliest restore point retained fails.

That usually happens because the user has neglected/didn't know to exclude "C:\System Volume Information" from antivirus scanning both real time and on demand. Microsoft has said for years that folder should always be excluded because if you don't then you risk corrupted restore points when your AV rummages around in that folder and maybe deletes something. There may be other reasons for not being able to restore to the oldest point but it is the main one.
Mele20

1 recommendation

Mele20 to siljaline

Premium Member

to siljaline
Microsoft disagrees with that stance. It is far better to have a restore point that is usable as you can disinfect after you restore. Otherwise, you may have to do a full reinstall of Windows. Microsoft even explains step by step what to do if you suspect the restore point you want to use may be infected so you can restore. I don't have a bookmark to that Microsoft article on this Win 8 computer but I'll see if it is on the XP computer next time I use it.
Mele20

Mele20 to mmainprize

Premium Member

to mmainprize
The better solution would be to use a virtual machine. One with Microsoft's drop disk capability but I think that is just on their earlier versions of software for virtual machines. I liked that because whenever I finished surfing on the virtual machine and shut it down it dropped everything I had done during that session from the disk. On the virtual machines I had running on VMWare Workstation that software did snapshots and I had lots of problems if I tried to go back to an older snapshot although the most recent one generally was ok but only if it had been made very recently so I decided drop disk that Microsoft used instead of snapshots was probably better.

Rogue Wolf
An Easy Draw of a Sad Few
join:2003-08-12
Troy, NY

1 recommendation

Rogue Wolf to fonzbear2000

Member

to fonzbear2000
Viruses don't just screw up computers; they can also steal information, and no restore program in the world can undo that problem. You're much better served keeping the malware off your machine in the first place.

Davesnothere
Change is NOT Necessarily Progress
Premium Member
join:2009-06-15
Canada

Davesnothere

Premium Member

said by Rogue Wolf:

Viruses don't just screw up computers; they can also steal information [and/or identity], and no restore program in the world can undo THAT problem.

You're much better served keeping the malware off your machine in the first place.

 
Which requires 4 things :

(1) Decent security software

(2) Careful browsing habits

(3) Proper research before installing any software, including browser plugins

(4) A dash or two of luck, because occasionally something still slips by

Only THEN should one of the 'Cures' mentioned in this thread be needed.

Cheers !
intok (banned)
join:2012-03-15

intok (banned) to fonzbear2000

Member

to fonzbear2000
Thats all fine and good till you get a trojan that managed to stay hidden for a few years. In which case it's been backed up in those rollbacks.

balloonshark
Lets Go Mountaineers
join:2006-08-11
WV

balloonshark to psloss

Member

to psloss
Sandboxie can limit what can run and has internet access in the sandbox. You can also block access to certain areas of your computer from the sandbox.

I've been using Sandboxie for years. I've also used Returnil and Shadow Defender light virtualization apps as well as FD-ISR on Windows XP. If more people used programs such as these they would stay out of the security cleanup forums.

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC

1 recommendation

siljaline to Mele20

Premium Member

to Mele20
I wasn't disputing the usefulness of System Restore on any PC.

My inference that using an infected SR archive could and will bite you. That was my sole argument with most uses of SR.

coldmoon
Premium Member
join:2002-02-04
Fulton, NY

coldmoon to Mele20

Premium Member

to Mele20
said by Mele20:

The better solution would be to use a virtual machine. One with Microsoft's drop disk capability but I think that is just on their earlier versions of software for virtual machines. I liked that because whenever I finished surfing on the virtual machine and shut it down it dropped everything I had done during that session from the disk. On the virtual machines I had running on VMWare Workstation that software did snapshots and I had lots of problems if I tried to go back to an older snapshot although the most recent one generally was ok but only if it had been made very recently so I decided drop disk that Microsoft used instead of snapshots was probably better.

First, you are no safer using a VM than you are using your computer for the same reasons mentioned earlier in the thread. Next, the idea of Drop Disk is the same basic idea behind boot-to-restore. Where it becomes security is in the design of the instant system recovery, how it does or does not protect content being saved to disk, and at what level the virtualization is working at (ref: file system or disk).

What you need to do is to think in layers with security and programs like our RVS and Quietzone work within a layered strategy to ENFORCE a clean state and provide a simple, effective means to preserve workstation productivity and availability.

Backups and full images are also part of an effective strategy as they allow you to recover in the worst case scenario such as equipment/hardware failure and disasters.

Mike

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

1 recommendation

jaykaykay to Snowy

MVM

to Snowy
God bless him...