Computer idiot

With software problems, you can always start by imaging the disk (so, worst case, you can restore it to the same "broken" state from which you started -- without "losing" anything).

Imagine what it's like when you are repairing *hardware*! "Break" anything and there's no way back to "before you put your grubby little mitts on it"!

Desktop PC's are a cakewalk. But, more and more folks prefer laptops. And, sexxy *slim* laptops, at that! All sorts of "blind hardware", snap-together plastic pieces, etc. Way too easy to break something "innocently". And, you can't just glue it back together...

[ToughBooks being a pleasant exception]

The same is doubly true of smart phones, PMP's, LCD monitors, tablets, etc.

Makes taking on such a repair a very stressful exercise!

Reply to
Don Y

what did you have to do to defeat the ransomware?

M
Reply to
makolber

So, you turned the thermostat down a couple degrees for her?

- . Christopher A. Young learn more about Jesus .


Reply to
Stormin Mormon

Per philo:

And, at least with physical stuff, be mostly immune to offshoring.

Reply to
(PeteCresswell)

I reinstalled the OS and painfully recovered all of "his files" from the original drive.

In the process, learned that there are several different approaches to ransomware.

The first is aimed at neophytes and just threatens them (browser hijack) coupled with some crude blocks on the OS itself to make parts of the file system inaccessible (without really damaging anything). Note that if you want to lock out most files QUICKLY, you can't afford a process that takes a long time to walk the filesystem WHILE someone is expecting to be using large portions of it! This is relatively easy to do -- and easy to work around.

The second is more involved and is willing to sacrifice large parts of the OS in the process. I.e., you *know* something is happening to your computer WHILE it is happening; things stop working! This can also be worked around -- but requires more "surgery" to recover.

Third makes a mad dash to try to encrypt or move/hide things in the hope that you don't catch on to what is happening before the damage is done. I suspect it exploits the fact that most files on a machine are NOT accessed "most of the time". So, if it avoids mucking with the OS and applications until it's done most of its damage stealthily, it can go unnoticed until too late.

I've also been told there are some that make no attempt at being recoverable; they try to damage the system quickly and effectively with no hope of recovery -- but, let you THINK there is a way out (when your IT friend claims HE can't fix it!) if you'll just remit the "requested payment".

And, some that are apparently script-kiddie products that just hijack the browser and lead you to believe your system has been hacked (but are trivial to reset).

I've thought about it and it should be relatively easy to design an exploit that stealthily goes about encrypting the drive's contents SLOWLY (so you don't notice the disk thrashing a lot and the system slowing to a crawl) while leaving the "unencrypt" function active at the same time.

[I.e., automatically decrypt any files you have encrypted that *happen* to be accessed, coincidentally, before you are ready to disclose your actions]

Then, when you're done, "flip the switch" that removes the unencrypt "courtesy functionality" that it had put into place WHILE it was doing its dirty work and leaves the entire contents encrypted!

I've taught friends who are paranoid and proactive how to image their machines regularly (to an external many-TB disk) so they can avoid using a potentially compromised OS and still do a complete restore...

Reply to
Don Y

Per Don Y:

I would add:

- Not *too* regularly - because you don't want to be in the position of having backed up a compromised system so many times that the last "Good" version has fallen off the end of the backup list.

- Learn the discipline of separating "System" from "Data" and put data on a separate physical device or, at least, a separate D: partition.

- Use an Imaging utility that allows you to browse the image and copy files from it as if it were just another drive. This because, inevitably, you will not be perfect in your practice of not keeping data on the System - and it will allow you to recover once you realize the error of your ways.

- Keep a change log where you note whenever/whatever programs have been installed/uninstalled... and any other system changes.

Then you can image the System only a few times - once when you know it is "Good" ... and then whenever changes to the log accumulate past a certain point - and take incremental backups of the "Data" drive/partition as often as desired.

Probably way too complicated for the user that thinks they have a toaster or a blender instead of a computer... but it seems to me like minimal basic hygiene.

Reply to
(PeteCresswell)
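
Added example, not part of any poster's message: a small simulation of the point above about imaging "not too regularly". It compares a plain keep-the-newest-N rotation with one that pins the known-good "as built" image; the slot count, day numbers and function names are assumptions made for illustration.

```python
"""Constructed simulation: does a clean image survive a slow-to-notice compromise?"""

def rotate_fifo(image_days, slots):
    """Plain rotation: keep only the newest `slots` images."""
    return sorted(image_days)[-slots:]

def rotate_pinned(image_days, slots, pinned):
    """Keep pinned known-good images forever; rotate the rest in the remaining slots."""
    pinned = sorted(set(pinned) & set(image_days))
    rolling = [d for d in sorted(image_days) if d not in pinned]
    keep = max(slots - len(pinned), 0)
    return pinned + (rolling[-keep:] if keep else [])

def newest_clean(kept, compromise_day):
    """Newest retained image taken before the compromise, or None if all are tainted."""
    clean = [d for d in kept if d < compromise_day]
    return max(clean) if clean else None

def schedule(interval, last_day):
    """Days on which an image is taken: day 0 (as built), then every `interval` days."""
    return list(range(0, last_day + 1, interval))

# Constructed scenario: 5 image slots, compromise on day 20, noticed on day 60.
SLOTS, COMPROMISED, NOTICED = 5, 20, 60

def scenario(interval, pin_baseline):
    """Day of the newest clean image still on the backup disk when the problem is noticed."""
    days = schedule(interval, NOTICED)
    if pin_baseline:
        kept = rotate_pinned(days, SLOTS, [0])
    else:
        kept = rotate_fifo(days, SLOTS)
    return newest_clean(kept, COMPROMISED)

if __name__ == "__main__":
    for interval in (1, 7, 14):
        print(f"every {interval:>2} days: fifo -> {scenario(interval, False)}, "
              f"pinned day 0 -> {scenario(interval, True)}")
```

With daily or weekly images and plain rotation, every retained image postdates the compromise; pinning the day-0 image always leaves one clean restore point.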

Good advice. At work we only have 6 computers, but each one has all their data files copied to another device "just in case". You can get a USB drive for a few bucks for a quick backup.

You can always beg, buy, borrow, or steal a new word processing program, but you will never buy those individual files of your own.

Reply to
Ed Pawlowski

Per Ed Pawlowski:

For the life of me, I cannot understand why that is not built in to MS' operating systems.... it's just too obvious.

Reply to
(PeteCresswell)

cheezwhiz posted for all of us...

You don't know a quarter of it... Take any circumstance of failure it will be ensured that will be the primary focus. I get your comment about tax dollars. Imagine one has a fund to replace their roof next year. It's almost up to needed funding, then you find 10 bux in your pocket. You say to yourself: I'll add this to the roof fund and use it to go to the Bahamas because it seems like a nice idea. Roof fund no longer exists but replacement is necessary, now. Oh and by the way we gotta replace the plumbing too.

Reply to
Tekkie®

Most computers come from the factory with one hard drive.

Even if there is a separate partition for data, if the drive fails, so goes the data.

Reply to
philo

The only advantage to keeping data on a separate partition is so IF you need to do a "bare-metal" install of your OS all your data is still safe. The only issue there is you STILL need to reinstall ALL of your software.

My preference is to keep an image of the C: drive on the D: drive so you can simply restore the drive to what was there - 100%. Keep a copy on a separate drive so in case the hard drive itself fails

Better than an image is a live clone to an external drive, done on a regular basis. (a bit of a PITA with the new-style GPT drives which don't like to be cloned - - - )

Reply to
clare

Keep an image of the machine "as built". Update it when you add a new application *or* undertake some major reconfiguration. With 1, 2, 3 and 4T external drives, you can create a buttload of images and never run out of space (you're only imaging executables, not "user files")

I've not included that requirement. It's all or nothing (on a partition by partition basis). The imaging and restore operations are done without the help of the local OS. So, you want it to be a turnkey operation -- not one where the user (who RARELY interacts with that software) has to remember how it works and what to "click", "drag", etc.

For the laptops that I build for a local non-profit, I build a custom "restore partition" that lets the user wipe the system and restore it to its original condition (no special media required, etc.).

In the past, I would install SteadyState so the user's "system" would be immutable -- leaving any "data" on a separate partition (or thumb drive, external drive, etc). Coupled with the above, I would never (?) need to see a machine again after having delivered it to its end user.

I do that during the initial build: Installation.txt sitting on the desktop. But, people aren't good at maintaining that sort of document.

When building a machine, I'll typically install the OS, then take an image (0_OS). Then, add the drivers and take another image (1_Drivers). Then, updates/patches and another image (2_Updates). Then, basic utilities (WinZIP, PowerToys, etc.). Then, core applications (web browser, etc.). Then, more advanced/specific applications.

The last image is the one that gets saved for the machine (the other images are there in case something goes awry while I am building and I need to roll back to an earlier stage).

I keep track of *everything* that I do in the installation log. E.g., every "preference" setting, license codes, etc. I will also include snippets of REGEDIT files (e.g., to disable Autorun the way I prefer to have it disabled; put Administrator on the login screen; etc.).

So, the first thing you do when recovering a system is copy the "final" installation log onto the desktop so you can follow it to move from restored image to the next step, forward.

I find folks moving to external "data" drives instead of having to remember to "backup" (to an external drive).

I use a similar approach with my machines: executables on C: (for windows machine) and other volumes for "working files". So, only one "project" resides on the machine at any given time (but, for me, a project may involve a few hundred GB of "stuff"). In that way, I don't have to keep track of which parts of which projects have been backed up recently...

Reply to
Don Y

It has been for a long time! But, not all apps play by the rules. And, most folks don't realize that you can "move" the "My Documents" hierarchy.

E.g., on the SteadyState machines, I move MyDocuments to D: (which isn't "preserved" by the SteadyState) so data files are persistent without inconveniencing the user.

Reply to
Don Y

Per snipped-for-privacy@snyder.on.ca:

My experience - with a teenager pounding on my PC couple hours a day five days a week - has been that the main virtue of having the data in its own partition is that I can (and used to frequently) do a re-image without even thinking twice.

Box starts acting funny? Don't even *think* what the problem might be: just fire up the restore CD, kick it off, and get a cup of coffee.... Come back and all is well.

My SSD will probably cough up its guts and die as soon as I post this, but I have never, ever had a System drive failure. I have retired a few System drives when my monitoring utility started complaining... but have never had one fail in use.

Separating data from System is huge... and my experience has been that physical drive failures are the least of the reasons why.

Reply to
(PeteCresswell)

Per Don Y:

That's pretty much what I was trying to describe... Except, for the truly-paranoid like myself, I tend to restore from the last image and apply the changes since, and then create the next image. Cuts down on the chances of picking up something nasty-but-hard-to-find between images.

Reply to
(PeteCresswell)

I keep my data backed up to at least two or three separate hard drives.

No matter how much of a PITA reinstalling the OS may or may not be... it can be done.

Lost data?

That's a whole different scenario.

Reply to
philo

On 03/14/2016 07:23 PM, (PeteCresswell) wrote: ... thinking twice.

I just got a machine...no data of importance...but Win7 was messed up.

After fooling with it for hours, I just did a fresh install.

Half an hour at most.

Let the updater run overnight though.

Reply to
philo

I'm not concerned so much with hard drive activity as I am with brain activity.

Reply to
philo

IME, most people don't install much after a machine is built. So, the "as built" image is usually "good enough" for a restore. They may have to go through and re-tweak settings and configuration options that have "evolved" to suit their tastes. But, that's usually not a big deal.

[Most people don't have lots of "applications" on a machine. By contrast, I will typically have more than 100G of apps on each machine -- and, aside from some "core utilities", most of those are *different* from machine to machine! So, it's important that I get the configuration stuff folded into the initial image...]

Reply to
Don Y

That's been my practice for many years. Same with your other good advice. It's not paranoia, just sound practice for the PC. About the only thing you didn't cover is system partition size. Keeping it as small as possible increases the speed of restoring and imaging, making doing it almost casual in terms of effort. IOW, it gets done.

Reply to
Vic Smith
