I guess most of us have known this for many years, but now even the creators of Windows have admitted it – Microsoft Says Recovery from Malware Becoming Impossible: “When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” said Mike Danseglio, program manager in the Security Solutions group at Microsoft.
If that wasn’t bad enough, Robert X. Cringely wrote:-
Last week, a Microsoft data security guru suggested at a conference that corporate and government users would be wise to come up with automated processes to wipe clean hard drives and reinstall operating systems and applications periodically as a way to deal with malware infestations. What Microsoft is talking about is a utility from SysInternals, a company that makes simply awesome tools.
The crying shame of this whole story is that Microsoft has given up on Windows security. They have no internal expertise to solve this problem among their 60,000-plus employees, and they apparently have no interest in looking outside for help. I know any number of experts who could give Microsoft some very good guidance on what is needed to fix and secure Windows. There are very good developers Microsoft could call upon to help them. But no, their answer is to rebuild your system every few days and start over. Will Vista be any better? I don’t think so.
I find that really sad. Like many of us, I own a large collection of music and movies which are still usable 20+ years later but the data on your PC will be lucky to survive a year or two without a backup. Some copy protection systems will even forbid you to make backups or transfer to another PC so when your PC finally dies, your stuff goes with it. The only good side to all of this is you will be forced to buy your music/movie/game collection all over again and some media exec will finally get that 3rd yacht.
It’s for that reason I don’t use Windows for anything serious these days, but when I did I would always create separate partitions on my hard drive: one (C:) for Windows and programs and the other (D:) for all my stuff. Each time Windows had become unusable, mainly due to ‘WinRot’ (a special feature of Windows to slowly degrade after about 12 months of use), I could safely wipe my C: drive and re-install Windows and programs without losing anything valuable. I used to set up my customers’ PCs in much the same way. I suspect many other engineers used similar strategies, but what about the person who buys a PC from a shop? Most of those will have everything on the C: drive, so if a wipe+reinstall is needed due to a crash/virus/root-kit/etc., the owners are likely to lose everything if they have not done a backup.
I expect many people reading this would regard it as just another PC problem, but I have been using Linux and BSD for about three years now and have yet to see anything like this, although Linux isn’t without its problems too. When I upgraded from SuSE 9.2 to 9.3, I noticed a ‘feature’ of SuSE Linux called ‘Update-Rot’ which silently removed a few critical programs. As this was the free version I guess I can’t complain, and I managed to get them all back, so all was well.
They say the worst equipment makes the best engineers so I certainly got a good education from the 6 years I spent using/fixing Windows, especially in recovering data from crippled Windows machines. So here are a few tips:-
1. It’s not a question of ‘if’ your PC crashes, it’s a question of ‘when’. If you are using earlier versions of Windows it will be much sooner than you think.
2. Keep any valuable data on at least one other device. There are plenty of options like CD-RW, USB drives and NAS (network-attached storage). Even an old PC could be used to back up valuable data via a network.
3. Identify where your data actually is. If you are using Linux or BSD, most of your data, including email, favorites, documents, music, photos and even program settings, is usually kept in your personal folder. If you are using Windows, things are a lot more complicated, as a lot of your data will be scattered across several folders or embedded in the Registry.
4. Think security. Only install software if you trust the author and really need it. Make sure you have a decent virus scanner and firewall. As an added precaution, use an ‘ADSL modem+router’ combo to access the Internet instead of just an ‘ADSL modem’.
5. There is also a rumor going around that the new version of Mac OS X will be able to run native Windows programs (a bit like VMWare, Xen or WINE) – just imagine being able to run your favorite programs without the security woes. Could be worth a look when it comes out.
It has been estimated that when data loss occurs, most companies only last about two years. I wonder how many companies have been decimated by a simple Windows crash. That’s why I use Linux and FreeBSD: they rarely crash, and if they do, I know I can recover my data quite easily because it’s all in one place.