Spyware Warrior

Nick · Last edited by Nick on Sat Dec 03, 2005 8:14 pm; edited 1 time in total

Here is a question for anyone out there who has a computer that doesn't have a "real" Windows disc. By "real", I mean a disc that has Windows XP or other operating system. Most mass prduced computers like HP, Compaq, and eMachines come with everything already loaded on the computer. If you decide to reinstall Windows for whatever reason, you do something along the lines of a recovery instead of using the Windows CD and formating and reinstalling. Back in 2000, you would have one or more "application recovery CDs" that you would use to either reinstall Windows or format and reinstall everything. The second option would put the computer back to exactly like it was when you first turned it on. Today, you don't even get a CD, there is a partition on the computer that has the info and you just tell it to recover.

Now my questions are:

What is the process like?

Do you have any options when doing the recovery other than formatting it and putting the computer back to just like was when you first used it?

Do you have the option to make discs to do the recovery process?

Can you get discs from your Computer manufacturer?

What make of computer do you have?

I ask because I haven't had a computer that used the newer form of recovery. I have an older HP, but it came with recovery discs. I don't know what you can or can not do on the newer ones that only have the recovery partition. The partition is probably hidden, so yu may not know you even have it. The only clue may be that you don't have any discs with your computer.

So why is this important? The new wave of malware that is coming out may find ways to insert itself into the recovery partition. If it can do that, then you'll never be able to get rid of it. If you have a real Windows CD, you can format the entire hard drive and start over. With a recovery partition, part of the hard drive will not be formatted, so there may be a place to hide things. I don't know of any example of this, and I doubt any malware has done this, but someday it will.
_________________
Nick's Security Ticker

hornet777 · Posted: Sat Dec 03, 2005 1:08 pm Post subject:

Well, I'm kinda unclear on your questions, Nick, but I tell my customers who are thinking of buying a new PC to investigate whether restore CDs are included, and also to simply budget an extra $250 for a copy of WinXP, purchased separately, precidely for the reasons you have stated.

On Dells that I have worked on there is a "diagnostic" partition, hidden, FAT32 that holds the software that is used when the PC won't boot (is in serious trouble). There is plenty of space on this hidden partition to hold whatever a malware producer could want--so yes, your concerns are definitely justified, and I think its GREAT you are voicing them.

Most of the restore disks that I have seen usually only do a "quick" format of the existing partition before restoring what came with the PC when it was new (--depending on the file system used). Some do a regular high-level format, but the lack of consistency is a cencern. Some have even suggested that a pseudo low-level format (writing zeros) is necessary for coplete removal. Not sure if I agree with that yet, but it may become necessary at some point in the future.

Lastly, I am not sure if this response was what you wanted; if not could you please clarify? Agani, thanks for voicing the issue, coz I think its an important one.

Nick · Posted: Sat Dec 03, 2005 8:34 pm Post subject:

Thanks, those answers are what I'm looking for. Most people who are experienced in fixing problems have a real Windows CD, so don't have much experience with these recovery partitions. I have worked on computers that have the recovery partitions and was surprised to see it show in My Computer. You couldn't go into it, but the fact that it could be seen made me wonder. If some of them use FAT32 as the file system, then that's not good either.

I bring this up because the whole recovery partition use was designed for ease of use and to save money. No thought was put in for security. That might have been OK a few years ago, but it is only a matter of time before someone makes a hack into the recovery partition to hide their "stuff".
_________________
Nick's Security Ticker

wawadave · Posted: Sun Dec 04, 2005 11:20 pm Post subject:

there have been trojins that were targeting ghost partions and back ups.
and many that hit verying backup files.
i,m only serpirzed they have not allready hit the hidden partitions.

but i found hideing the ghost backup with partition magic left it safe.
so its only the hidden part thats throwing hem off. it won,t be long!!! Evil or Very Mad

_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

MV_Vashon · Posted: Sun Dec 18, 2005 6:12 pm Post subject:

My dad has a HP that uses the hidden partition for the recovery. Not sure of the model (he got it in 2001 or 2002). I don't know if there is any option for making recovery discs (I'll check when I can get around to it).

I think there was a lawsuit over this.

-- LB

Moore · Posted: Wed Feb 22, 2006 1:08 pm Post subject:

I hate those recovery partitions .. worst idea ever Very Happy

I purchased a HP computer from Harvey Norman in 2002 for almost $ 3k + that had no XP cd just the stupid recovery partition.. didnt realise at the time how big a mistake this was not getting a cd.

Of course when it came time to use it , it didnt even work lol.. Twisted Evil

HP refused to give me a cd in replacement unless I bought it.. Store was just as much help.. good scam.

XP system is NTFS but recovery partition was Fat32, I just wiped the partition since it didnt work and used it for storage space..

From now on I stay right away from the big rip off stores and use the small computer shops who dont try to rip you off as much.

Basically I'd say If you dont get a windows cd dont buy the computer.
_________________
| Stop Malvertising | Outpost | Blocklist Pro | Hosts |

bigos · Posted: Sun Feb 26, 2006 4:54 pm Post subject: encrypted partion?

Couldn`t you store the backup partion in something like Cryptainer LE, which you would have to buy because the free on only lets you store up to 25mb, then you could wipe & use the normal backup partion. I think it would be safer in something like this because I don`t think that hackers can get into this sort of thing or so the people who make this software say........or am I wrong can it be hacked? Mind you it would be a good idea to write the password or sentence down in a place where you would know where to find it as you proberly wouldn`t use it very often & if you forget it then your stuck because there is no universal manufacturers code, no code no open....ever Exclamation

Your computer would have to be working good enough to atleast open this encrypted partion. If it`s easy to access with a crashed pc then I guess it`s just easy to access, period. Sad

_________________

Life is for living not just for prolonging!
B uzzz

wawadave · Posted: Sun Feb 26, 2006 8:34 pm Post subject:

there are quite a few programs free and others that will encrypt a drive or contents of a drive.
and many this password is the only week point. a good blowfish or others close or better would take a hell of a long time to crack with one computer.
but useing distributed computeing in an oganized manoreof a large bot net could crack most comon encryption in a few days to a week if useing say 1,000 computers idel cpu,s won,t be being done by many so again still basically safe.
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

P;3

hornet777 · Posted: Sun Apr 09, 2006 5:40 am Post subject:

Unclear exactly what the question is; do you want to do the recovery partition thing? In any case you are going to have to have SOME form of source disk, be it from the mfgr., or M$, or an ISO or whatever.... Also, you didn't mention of its a str8 reinstall or upgrade. Again, I'm sure 98, ME, and 2k can be had (say) from individuals on Ebay, while XP is still sold in stores... Clarify please? If the present install of whatever OS is rotten, it needs be replaced somehow; its just a matter of evaluating whether its a reinstall/recovery or fixing what is already present.

Nellie2 · Posted: Sun Apr 09, 2006 10:32 am Post subject:

P;3 If you are talking about the Breathe machine then you know as well as I do that the O/S is totally shot and you need a disk to either do an system file check or a reformat.

What Nick is talking about wont work in this case becasue there never was a recovery partition on that machine.
_________________
Life would be much easier if I had the source code

ASAP proud member since 2004

Mrkvonic · Posted: Mon Jul 31, 2006 2:15 am Post subject:

Hello,
I dislike all and any arrangements that are done without user's knowledge, intervention or physical presence, be it a hidden restore partition, installation at the shop or anything else. You can practically never be quite sure what you get.
I believe in buying computer in parts, assembling it alone or at most in the shop, buying operating system separately and installing it alone at home. I know this is not the best choice for everyone, but this is what I like. I also stay away from brand names, like Dell, HP etc, because they bundle the machine with crap and their bioses are aggressive and intrusive.
My PCs are nameless things, with parts from 5-10 different brands, all assembled in shop and by me, and all installed by myself.
But regardless of whether you buy a brand name, a mixed PC or whether you install in the shop or alone, the bare minimum would be having a hard copy of your operating system and no restore partitions.
Mrk
_________________
http://www.dedoimedo.com

roger_m · Posted: Mon Jul 31, 2006 3:54 pm Post subject:

My advice on this is to NEVER buy a brand name desktop PC.

Just get one custom made and buy copy of Windows.