Softpanorama
May the source be with you, but remember the KISS principle ;-)
A simple, generic and very effective strategy of defense against spyware involves splitting your hard drive into two (or more) partitions (using, for example, Partition Magic), formatting the second partition as FAT32, and writing a clean snapshot of the C: partition (for example via Ghost) to this partition, so that you can restore it any time your system stops functioning properly (whether because of spyware or other problems). Here are the major stages:
Stage 1: Splitting your hard drive into two partitions. You need to defragment the volume you intend to split first, be it an NTFS or a FAT volume. Then you can use Partition Magic or some CD-based Linux distribution to split the existing partition into two. The most common case is a PC or laptop with one hard drive formatted as a single partition (C:). In this case the optimum split would probably be 70% to 30% of the disk space, depending on how you plan to use the second partition. If you need it just for recovery, its size should be adequate to keep an image of the C: drive (approximately 8 GB for a typical Windows 2000 or XP install).
Stage 2: Formatting the second partition as FAT32. That's the easy part. If you have a Windows 98 license and extra space, it makes sense to install it on this partition.
Stage 3: Creation of the image. Please note that Ghost is a DOS utility, so with Ghost 2001-2002 you need to boot from a DOS disk. In Ghost 2003 Symantec decided to be "too nice" and does some black magic to reboot Windows into DOS automatically and then reboot back into Windows after the image has been created.
After the image has been created you can return to the state of the OS that corresponds to the image by restoring it. So if your Internet connection is hosed or the computer behaves strangely after a deletion, you can always "fall back" on a known good state of your system. With some caution most of the environment and newly created files can be preserved. This is probably the easiest way to fight complex, mutating spyware like CoolWWWSearch.
Splitting your main partition into two is best done with Partition Magic or, if you know Linux, with almost any CD-bootable Linux distribution (Knoppix, etc.). In any case you should defragment the volume you intend to split first, be it an NTFS or a FAT volume. Actually, defragmentation of the C: volume should probably be done once a month, together with the monthly backup.
In the case of a regular PC, if you do not have Partition Magic and do not want to buy it, you can install a second hard drive. A 40 GB or even 80 GB hard drive can be bought now for less than $50, and it is more than adequate as image storage.
Another consideration in favor of a second hard drive is that spyware is a bad thing, but there are other, probably more frequent, cases when the C: drive becomes unbootable or the OS unusable:
For a laptop, splitting the hard drive is the more viable option. The other possibility is to use a 5 GB PCMCIA card (a 5 GB PCMCIA Type II hard drive costs around $150) or a FireWire-connected hard drive.
After you have created the partition and formatted it as FAT32 you can put DOS or, better, Windows 98 on this partition, but this is not strictly necessary.
A DVD might be an option too, if your C: partition is not crowded and can be compressed to under 4 GB (most can; for example, mine, with a lot of unnecessary stuff in it, is just 3.6 GB after fast compression by Ghost). Recent versions of Ghost (2003 and later) are capable of burning images to DVD and recognizing this DVD after booting into DOS. But if your OS is unbootable, accessing the DVD to restore the image is a problem in itself, and in this case you do need a bootable Windows 98 partition with an instance of Windows 98 that recognizes your DVD drive. Also, most "populated" C: partitions are bigger than 4 GB (the typical size of a Windows 2000 or Windows XP C: partition is around 8 GB), so this is another problem. You either need to move the data and delete all temporary files before creating the image, or you are out of luck. Symantec posted a list of Ghost-supported burners here.
Here is a relevant description:
Radified Guide to Norton Ghost by Symantec - A Tutorial on How to Create and Restore Ghost Images
Launch Ghost from (true) DOS.
Select your imaging options (this step is not necessary).
Select Local -> Partition -> To Image.
Select your source drive.
Select your source partition.
Select your image destination.
Name the image file.
Select compression (Fast is good).
[For Ghost v2003, you find the Compression options in the Advanced Settings.]
Begin dumping.
After image dumping is complete, you should get the message: Dump Completed Successfully.
If successful, Check the image to verify its validity and integrity.
Quit.
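The same sequence can be scripted instead of clicked through, which is convenient for the monthly refresh of the image. The batch file below is an added example for a DOS boot floppy that carries GHOST.EXE; it is not part of the Radified guide or of this page. The image path D:\IMAGES\CLEAN.GHO, the location of GHOST.EXE on A:, and the assumption that Ghost sets a nonzero errorlevel on failure are mine; the switch names follow the Ghost command-line reference, but check them against the help output of your own version before relying on them.

```batch
@echo off
rem Added example (not from the page): dump the first partition of the
rem first disk (C:) to an image on the FAT32 D: partition from true DOS,
rem then verify the image, which is the "Check image" step of the guide.
rem Assumptions: GHOST.EXE is on the boot floppy (A:), images go to
rem D:\IMAGES, and Ghost returns a nonzero errorlevel when a step fails.

if not exist D:\IMAGES\NUL md D:\IMAGES

rem mode=pdump  : partition -> image file
rem src=1:1     : disk 1, partition 1 (the C: system partition)
rem dst=...     : where the image file is written
rem -z1         : fast compression (what the guide recommends)
rem -split=2000 : write the image as 2000 MB pieces so that no single
rem               file hits the 4 GB per-file limit of FAT32
rem -sure       : skip the interactive "proceed?" confirmation
A:\GHOST.EXE -clone,mode=pdump,src=1:1,dst=D:\IMAGES\CLEAN.GHO -z1 -split=2000 -sure
if errorlevel 1 goto fail

rem Integrity check of the image just written; a damaged image is worse
rem than none because you find out only when you need to fall back on it.
A:\GHOST.EXE -chkimg,D:\IMAGES\CLEAN.GHO
if errorlevel 1 goto fail

echo Image created and verified: D:\IMAGES\CLEAN.GHO
goto end

:fail
echo Ghost reported an error. Do not rely on this image; rerun the dump.

:end
```

Run it right after a clean install plus patches and the applications you trust, before the machine has been on the Web for long; an image taken from a system that is already infected simply preserves the infection. Keep the floppy that holds GHOST.EXE and this script with the machine, since it is also the floppy you will boot from to restore.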
Restoration stage 1: saving your current data. Before restoring the image, copy the folders that you are currently using (documents, favorites, mail stores) to the second partition. You can do it using an OFM (orthodox file manager) or by writing a script that copies these folders to the second drive.
Restoration stage 2: restoring the image. If the computer is still bootable, you can write an image of DOS plus Ghost to a floppy disk and then restore the partition by rebooting from this floppy. If the computer is not bootable, you need to have such a floppy already (preferably attached to the case of your computer in a plastic pocket) to boot into DOS in order to run Ghost. This is actually simpler in Ghost 2001 than in Ghost 2003.
Restoration stage 3: restoring your data. This is trivial. After you have restored the C: partition, the OS is bootable and in working order, so you can copy back all the folders that you saved on the second (D:) partition before.
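The save and restore halves of this procedure are the same copy in opposite directions, so one script can do both. The following batch file is an added example for a Windows 2000/XP C: partition; it is not from this page, and the folder list, the D:\SAVE location, and the xcopy switches used are my choices to adjust for your own machine.

```batch
@echo off
rem Added example (not from the page): copy the folders you work in from
rem the live C: to the second partition before restoring the Ghost image,
rem and copy them back after the restored C: boots again.
rem Assumptions: Windows 2000/XP profile layout, save area D:\SAVE.
rem Usage:  SAVEDATA.BAT save      (on the live system, before restore)
rem         SAVEDATA.BAT restore   (after the restored C: is up again)

set SAVEDIR=D:\SAVE
set PROFILE=C:\Documents and Settings\%USERNAME%

if "%1"=="save" goto save
if "%1"=="restore" goto restore
echo Usage: %0 save  -or-  %0 restore
goto end

:save
if not exist "%SAVEDIR%" md "%SAVEDIR%"
rem xcopy switches: /E all subfolders incl. empty ones, /H hidden and
rem system files too, /C keep going on read errors, /I target is a
rem directory, /Y no overwrite prompts, /K keep file attributes.
rem Only data folders are saved; Program Files and the Windows folder are
rem deliberately left out, since that is where the spyware lives.
xcopy "%PROFILE%\My Documents"  "%SAVEDIR%\My Documents"  /E /H /C /I /Y /K
xcopy "%PROFILE%\Favorites"     "%SAVEDIR%\Favorites"     /E /H /C /I /Y /K
xcopy "%PROFILE%\Desktop"       "%SAVEDIR%\Desktop"       /E /H /C /I /Y /K
rem Outlook Express mail stores live under a hidden folder, hence /H.
xcopy "%PROFILE%\Local Settings\Application Data\Identities" "%SAVEDIR%\Identities" /E /H /C /I /Y /K
echo Saved to %SAVEDIR%. Now boot the Ghost floppy and restore the image.
goto end

:restore
rem /D (no date) copies a file only if the saved copy is newer than the
rem one already on C:, so files that came back with the clean image are
rem only overwritten by versions you changed after the image was taken.
xcopy "%SAVEDIR%\My Documents"  "%PROFILE%\My Documents"  /E /H /C /I /Y /K /D
xcopy "%SAVEDIR%\Favorites"     "%PROFILE%\Favorites"     /E /H /C /I /Y /K /D
xcopy "%SAVEDIR%\Desktop"       "%PROFILE%\Desktop"       /E /H /C /I /Y /K /D
xcopy "%SAVEDIR%\Identities"    "%PROFILE%\Local Settings\Application Data\Identities" /E /H /C /I /Y /K /D
echo Restored from %SAVEDIR%.
goto end

:end
```

The "some caution" mentioned above is about what you carry across: documents and mail are data, but a downloaded installer or a saved web page in My Documents can bring the infection straight back, so look through the saved folders for executables and HTML before running the restore half.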
Copyright © 1996-2007 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. Submit comments. This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License (OPL). Copyright of the original materials belongs to their respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: February 28, 2008