
Thread: Bullet Proof XP from Malware and Changes

  1. #1
    Junior Member
    Join Date
    Jul 2005
    Posts
    26

    Bullet Proof XP from Malware and Changes

    Windows Shared Computer Toolkit and Help

    This FREE Windows utility works on XP Home, XP Pro and XP Tablet PC editions; other versions of XP and Windows are not supported.

    Basically, you can read the documentation for in-depth information, but I will do my best to explain the advantages and disadvantages I have found installing and using this for clients, as well as helping others use this at home.

    The very first thing that needs to be explained is that this is an excellent tool even for home use. The documentation makes it seem like only very public systems, like a library or school, can benefit from the use of this tool, which is not really true.

    The core of this tool is Windows Disk Protection, which requires 1 GB ("or 10 percent of actual disk or partition size, whichever is greater") of unallocated disk space. What this unallocated area does is keep 2 disk images ("one to revert back to, much like one would use a system restore point") in the event of problems, or a change of mind on a modified setting.

    This may at first seem like one is giving up a ton of disk space to use this product; however, the results in safety and recovery under almost any malware, accidental change or deletion soon prove to be worth the space.

    The actual space of the toolkit itself is only about 5 megabytes. You will need to be using a genuine version of Windows XP and may be prompted to install the User Profile Hive Cleanup Service before being allowed to install the toolkit.

    If needed, you can set a multitude of user restrictions based on user ID; however, you could just run as you are now, and even with Admin privileges, once you restart, your Windows drive is as it was before you logged on. This is because any changes of any kind are actually cached and not really written to your Windows partition unless you authorize it.

    So, you can do anything as Admin and have peace of mind that no matter what malware you encounter, or what accidental changes or deletions are done, you will be as you were before whatever happened happened.

    Say you want to add software. Because it would not normally be saved after the next restart ("using this tool"), it is as simple as changing Windows Disk Protection to "Save Changes at Next Restart". Now say you go, OMG, what I installed had malware and I never noticed. Not a problem, because you can always revert back to one disk image prior by using F8.

    If you have extensive tests or changes to do for new software that may require multiple restarts, you can set "Retain Changes Indefinitely".

    The restrictions on a per user basis are extensive and very selective. You are not required to use them, but you may have a need.

    So far I have seen nothing easier to use that protects a system with the rock-solid logic of not allowing anything to change anything on the drive that Windows is installed on without permission. Since any and all changes to the Windows drive during any logon are cached, once the system is restarted there is no overhead; the only overhead of this, besides the 1 GB ("or 10 percent rule") initial overhead, is when you save changes.

    Persistence of user data can be done by selectively keeping user profiles on a disk or partition which is not located where Windows is installed. This allows the entire drive or partition where Windows is located to remain protected while allowing users to retain changes, without the need to save changes at restart. This could cause malware to be placed on that partition or drive; however, since it has no launch ability, it would remain dormant. I would of course still suggest using an A/V to be safe.

    Users can also be allowed to run and install programs outside of the protected area where Windows is located, and even if they installed malware doing this, Windows would still remain protected for all other users, because said malware could never embed anywhere for other users.

    I have installed this at many client sites, and also for friends and family, and all I can say is there is nothing more user-friendly and protective that provides this kind of flexibility.

    I would like to keep this thread going for people who would like to take a crack at installing this and trying it. I will answer any questions and may be able to save others some time configuring and using this.

    Pros

    1. Complete protection of the entire partition or disk where Windows is located. It's like doing a total system restore in 2 seconds at every restart, back to a known clean image of an entire partition or drive.

    2. Awesome per user restrictions if needed, too many to list here.

    3. A malware tester's dream: go anywhere, even as Admin, and have no fear. Because the entire partition or disk where Windows is located is copied to an unallocated area on disk, it would be very hard to infect.

    4. Can be easily changed, including user changes as well as other features.

    5. Lets you basically install anything, test it, and if you decide you don't want it, reboot, and it's gone.

    6. Even if you screw up and save an image, you can revert back to one image prior, so there is some forgiveness on that.

    7. System Restore can still be used, but... you will need to do a "Save Changes On Next Restart" so the saved image retains your changes.

    Cons

    1. The required disk space of 1 GB ("or 10 percent of the disk size where Windows is located") is at first hard to stomach; even if one decided not to keep using this toolkit, you can always reclaim that space. But it is a large chunk of disk for some. If you are a DVD/CD burner kind of person, you would want to increase this space by about 2 GB if you store lots of CD and/or DVD data.

    2. When you change an image it takes about 20 seconds to complete. This can take even longer if you don't move the Windows paging file to a partition or disk other than the one Windows is located on.

    3. Any time you make a change to Windows of any kind, or install new software ("A/V updates are handled automatically, and you can add scripts to handle other updates if needed"), you will need to remember to set Windows Disk Protection to "Save Changes On Next Restart"; otherwise the changes will not stick after restarts.

    4. The documentation can be confusing at times; however, the user interface is very easy to use.

    If anyone has any questions or needs help setting this up, just shout. If you want a FREE bullet-proof way to fortify your XP Home or XP Pro system, or need very selective user restrictions, this rocks, both for corporate and home use.

    Instant recovery without even a mouse click: it all goes back as it was on the next reboot.

    For more documentation about the toolkit please go here:

    http://www.microsoft.com/windowsxp/s...s/default.mspx

    Don't let the public-places documentation on this fool you. It's a great protection method, period, and... it's free!
    Where Black, Gray and White Hats Unite to help protect YOU from current and future Exploits http://testing.OnlyTheRightAnswers.com

  2. #2
    Senior Member
    Join Date
    Mar 2005
    Posts
    400


    I'm going to bring this sorely needed single post back to life because:

    1) We have not talked about it enough, if hardly at all!
    2) It's a FREE MS product that works better than paid products, like Deep Freeze!
    3) It'll allow you to play in your sandbox with any unknown software, then save your butt afterwards with a clean bootup, even 10 reboots or more later (no uninstall needed)!
    4) It's a tech support person's boon, godsend, friendly helper, whatever. It keeps people from harming their computer and makes it easy to return to their normal settings after two mouse clicks!
    5) It doesn't slow your computer down like competing products!


    There are a couple items not clarified above.

    First, this product redirects all disk writes and reads into/out of an unpartitioned hard drive area instead of writing to your active partitions (C: or D:). It does NOT make a copy of your partitions! It only saves those disk writes when you desire it; otherwise they are discarded.

    Second, the changes to your partitions/hard drive take place upon bootup, if changes are selected to be saved. (What is saved is ALL changes to protected partitions/drives, not simply one or two folders, while any unmonitored partitions/drives are simply ignored.)

    Shutdowns are always fast, and unless you save changes the bootup is as on a normal Windows box. Saving changes upon bootup takes 5 seconds to 1 minute on my 1.6 GHz laptop, depending on how much there is to save. Remember, save changes ONLY when you want to add something to your frozen partition setup, which I hardly ever do.

    As stated above, it needs at least 1 GB or 10% of your drive space to collect the writes and reads. On my 80 GB 7200 rpm laptop drive, I've given 8 GB away for its purposes. No, I'm not missing the space so far, and probably won't ever.

    Although I haven't done any technical tests, by the seat of my pants it feels no slower than a normal Windows box without any protection.

    I've turned off ALL installed user restriction options to keep only the "REVERT" function (my words). I don't need user restrictions on my own box, I simply want the "save my butt" feature.

    Now, with the specific setup I have, you can download and install all sorts of tech tools and decide a few days later, "ahhh... I don't like 'em", and you're simply two clicks from watching their file-strewing install disappear faster than David Copperfield.
    But what about the Outlook email I received since then, and the documents I had created/deleted/changed?
    They are still there, untouched and updated, as you left them (on an unmonitored partition).

    Not sure about drive image products ghosting such a setup yet (haven't tried) and Partition Magic "most" of the time shuts right down when trying to access the partitions. (Partition Magic 8.01 is a really dated product anyways, and if Symantec doesn't update it real soon, I'm heading to a competitor.)

    Need I say more?
    ZT3000
    Beta tester of "0"s and "1"s"
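The two posts above describe the same mechanism from different angles: the first post's "cached, not really written" changes, the Save / Retain / default-discard states and the one-image-back F8 revert, and ZT3000's clarification that writes are redirected into the reserved unallocated area rather than the partition being copied. The toy model below (an added example for this thread, not Microsoft's code; the class, method names and the behaviour when the reserved area fills are my own assumptions) puts those semantics in one place so you can see exactly what survives a restart in each state, and why the "1 GB or 10 percent" reservation, plus the CD/DVD margin the first post mentions, bounds how much a session can write.

```python
"""
Toy model of the Windows Disk Protection behaviour described in the thread:
writes to the protected volume are redirected into the reserved unallocated
area, and at restart they are discarded, saved, or retained.
Added example, not Microsoft's code; names and the overlay-full behaviour
are assumptions, the size rule follows the "1 GB or 10 percent" figure quoted.
"""
GIB = 1024 ** 3

# The three Disk Protection states named in the thread.
DISCARD = "discard"   # default: "it all goes back as it was on the next reboot"
SAVE = "save"         # "Save Changes at Next Restart" (one-shot)
RETAIN = "retain"     # "Retain Changes Indefinitely"


class OverlayFull(Exception):
    """Raised when redirected writes outgrow the reserved area.  The thread does
    not say what the real tool does then; this model simply refuses the write,
    which is why the extra CD/DVD margin the first post suggests matters."""


def reserved_bytes(disk_bytes, extra_bytes=0):
    """Size of the unallocated area the toolkit asks for: 1 GiB or 10 percent
    of the disk, whichever is greater, plus any margin you choose to add."""
    return max(GIB, disk_bytes // 10) + extra_bytes


class ProtectedVolume:
    """In-memory stand-in for the volume Windows is installed on."""

    def __init__(self, files, disk_bytes, reserve_bytes=None):
        self._committed = {p: bytes(d) for p, d in files.items()}  # what boots
        self._previous = None      # one image back, for the F8-style revert
        self._overlay = {}         # path -> bytes, or None for "deleted"
        self.capacity = reserved_bytes(disk_bytes) if reserve_bytes is None else reserve_bytes
        self.mode = DISCARD

    # ---- what the running session sees ----------------------------------
    def overlay_used(self):
        return sum(len(d) for d in self._overlay.values() if d is not None)

    def read(self, path):
        if path in self._overlay:
            return self._overlay[path]          # None if deleted this session
        return self._committed.get(path)

    def write(self, path, data):
        """Every write lands in the overlay; _committed is never touched."""
        data = bytes(data)
        current = self._overlay.get(path) or b""   # bytes this path already uses
        if self.overlay_used() - len(current) + len(data) > self.capacity:
            raise OverlayFull(f"{path}: reserved area of {self.capacity} bytes exhausted")
        self._overlay[path] = data

    def delete(self, path):
        self._overlay[path] = None              # a tombstone, not a real delete

    def listing(self):
        """The merged view: committed image with the overlay applied on top."""
        view = dict(self._committed)
        for path, data in self._overlay.items():
            if data is None:
                view.pop(path, None)
            else:
                view[path] = data
        return view

    # ---- what happens at restart ----------------------------------------
    def restart(self):
        if self.mode == DISCARD:
            self._overlay.clear()               # malware, typos, all gone
        elif self.mode == SAVE:
            self._previous = dict(self._committed)   # keep one image to fall back to
            self._committed = self.listing()    # the session's changes become the image
            self._overlay.clear()
            self.mode = DISCARD                 # SAVE is one-shot; protection resumes
        elif self.mode == RETAIN:
            pass                                # overlay survives across reboots
        else:
            raise ValueError(f"unknown mode {self.mode!r}")
        return self.listing()

    def revert_to_previous(self):
        """The 'one disk image prior' recovery the first post attributes to F8."""
        if self._previous is None:
            raise RuntimeError("no previous image: nothing has been saved yet")
        self._committed, self._previous = self._previous, None
        self._overlay.clear()
        return self.listing()


if __name__ == "__main__":
    # Constructed scenario: install a tool, save it, then find it was malware.
    vol = ProtectedVolume({"C:/Windows/system32/ntdll.dll": b"clean"}, 80 * GIB)
    vol.write("C:/Program Files/tool.exe", b"tool")
    vol.mode = SAVE
    print("after save:", sorted(vol.restart()))
    print("after F8 revert:", sorted(vol.revert_to_previous()))
```

Two details worth noticing: `SAVE` resets itself to `DISCARD` after the restart that commits, which is the "remember to set Save Changes every time" con from the first post, and only one previous image is kept, so a second `revert_to_previous()` without another save has nowhere to go.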

  3. #3
    Hey, ZT, my Partition Magic is 8.05. LiveUpdate shows no further updates available at this time. Anyway, I downloaded the tool and will do some testing on my laptop. It sounds interesting, and I hope my PM 8.05 works with it.

  4. #4
    Junior Member
    Join Date
    Jul 2005
    Posts
    26
    Originally posted here by ZT3000
    I'm going to bring this sorely needed single post back to life because:

    Shutdowns are always fast and unless you save changes the bootup is as a normal Windows box. Saving changes upon bootup takes 5 seconds to 1 minute, on my 1.6GHZ laptop, depending on how much there is to save. Remember, save changes ONLY when you want to add something to your frozen partition setup, which I hardly ever do.

    Not sure if you moved the Windows paging file to another partition or not, but that also speeds the save changes up. Also, it is a good idea to move your event logs to another partition or drive as well, to have event history.

    And thanks for bringing this thread back to life :-)

  5. #5
    Not sure if you moved the Windows Paging file to another partition or not but that also speeds the save changes up. Also it is a good idea to move your event logs to another partition or drive as well, to have event history.

    And thanks for bringing this thread back to life :-)
    Having your paging file and audit logs on a separate volume (ideally a volume, a separate partition otherwise) is always a good idea. Ideally, your audit logs will be collected periodically by a separate machine/process to prevent their being overwritten and/or compromised. (Not all users care about audit logs, obviously.)

  6. #6
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I've been using the Shared Computer Toolkit for a while to share a desktop with a 5-year-old, and I love it. All he has is the calculator and some other non-vital thingies on his Start menu; the only programs he can execute are the ones that have icons on the Desktop.
    It's a challenge to fine-tune, though (the wizard is excellent, but I found myself locking his account, then finding some more stuff, then having to go back to my account to unlock his, then having to go back to his to change some stuff... it'd be nice if accounts could take control over others on the fly... something like Remote Help, but on the same computer...).

    I like the idea of using it for yourself; I would get frustrated, though... kinda like people not wanting to use limited accounts.

  7. #7
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    Didn't move the paging file to an unprotected partition, as I don't want any history or anything else to alter the paging file unless I deem it appropriate. The extra 30-second boot "when and only when" saving the changes doesn't bother me in the slightest.

    Oh... when keeping the paging file on a protected partition, your event log will show a single FTDisk error each time you boot up. Microsoft says to disregard this error, as it's merely informational. If you can't handle seeing the error, then move your paging file to an unprotected partition.

    I won't move the event log, because it would be logging events that no longer exist in software. Also, if the event log is moved to an unprotected partition, then synchronizing all listed events with the current bootup will be difficult, because you will be saying "Oooo, an error! Does that error reflect a problem "before" or "after" I saved changes sometime three days ago?". Too much confusion.
    My way, any time you check the event log after a bootup, it will reflect the current conditions until it reboots. Keep the event log where it is.

    (EDIT: I did not restrict my admin account in any way and no other user is listed on my machine. I simply use the Disk Protection only.) Kudos to those who learned how to modify another users desktop experience using the kit.

    Here's my setup. I say this to save you any first-time regrets, Rapier57.
    Before you install the program:

    Subtract 10% of your total drive size, right off the top.
    Ex. 80GB - 8GB = 72GB usable space.

    Take the 72GB and decide how much you want for your C: and D: drives. (I still continue to install programs to C:, but store some data files on D:.)
    Ex. C: = 31GB, D: = 41GB

    Defrag your drive.

    Again, following our example, split the drive with C: as 31GB, next leave an 8GB unpartitioned space, and lastly add a formatted 41GB primary partition (with no remaining space left).

    Using Windows Explorer and ONLY Windows Explorer (don't start navigating through the My Computer icon), simply move your My Documents, Application Data and Downloads folders to the D: drive.
    (The hidden folder, Application Data, can be found under C:\Documents and Settings\username\.)
    Using Windows Explorer ensures your registry gets changed to reflect the new locations.

    Move your Outlook files to a folder in My Documents, then go to this link showing how to inform Outlook of the change.
    http://office.microsoft.com/en-us/as...124801033.aspx

    Install the MS Shared Toolkit. It will find the unpartitioned space all by itself. Allow it to monitor C:, but not D:. Turn OFF all other restrictions and settings.

    Before you can actually use Disk Protection, you will need to choose "Keep On", otherwise it's not protecting anything.

    Every time you boot up you will get a desktop logon status message explaining the current state of Disk Protection.

    Putting the Disk Protection icon on your quicklist bar causes the icon to move about on each reboot. To save that aggravation, simply pin it to your Start menu instead.

    I'm sure I left something out somewhere.

    [EDIT: I just remembered the following: 1) Move your Favorites folder also. 2) Prior to doing any of the above, ensure the Distributed Link Tracking service is on automatic and is started.]

    Let me know if you need the Disk Protection options explained in clear English.

    Oh...btw, I never read the manual at all, so I have no idea what it says.
    ZT3000
    Beta tester of "0"s and "1"s"

  8. #8
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    This is an excellent tool from what it sounds like, I'm going to set this up soon, I'll share my experience.

  9. #9
    Greetings

    For securing XP against malware, I think one of the essential tools is Scotty (WinPatrol):

    www.winpatrol.com
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.
