Virus/Spyware question

[Pete]

Hi Everyone...I have a couple of questions. I use xpsp2, home edition.

Can viruses and spyware infect any and all drives on your pc or is it
basically the main drive (in my case c where you are in when you receive
the culprit from the web, etc. I would think a virus can give itself any
instructions it wants to, once in your system. Dunno about spyware.

On this line of thought is it necessary for me to scan both my c-drive and
my d-drive with my virus scanner (which it does unless I set it not to, and
it takes a long time), or would scanning c: be good enough. My d-drive is
the partition for the windows recovery system on my xp (which also includes
all applications that came from the factory). It takes almost as long to
scan d: as c:

Regarding spyware, Spysweeper and Ad-Aware check in c: only (by default)
when scanning files, but I can set them to check d: also. Don't know what
SpyBot does because it puts up indiscernible shit in the progress window,
and I don't see any setup menus in SpyBot for setting the drives to be
scanned.

Please try to address my questions separately (one for viruses, and one for
spyware). Basically I am asking would it be safe to just scan my c-drive.
Thanks...Pete

 

[Art]

Hi Everyone...I have a couple of questions. I use xpsp2, home edition.

Can viruses and spyware infect any and all drives on your pc or is it
basically the main drive (in my case c where you are in when you receive
the culprit from the web, etc. I would think a virus can give itself any
instructions it wants to, once in your system. Dunno about spyware.

Certainly malicious code can do pretty much whatever it wants. In the
case of viruses (actual file viruses ... replicative code) all active
drives or partitions are subject to having possible infected files.
Active drives and partitions can also be hiding places for malicious
code or portions of such code.

On this line of thought is it necessary for me to scan both my c-drive and
my d-drive with my virus scanner (which it does unless I set it not to, and
it takes a long time), or would scanning c: be good enough. My d-drive is
the partition for the windows recovery system on my xp (which also includes
all applications that came from the factory). It takes almost as long to
scan d: as c:

Practically speaking, you might consider antivirus scanning only
c:\windows and all its subdirectories as a routine on-demand scan.
There's no point in wearing out drives by excessive and overly
paranoid scanning. Both malware and spyware will be in and active on
your main drive, and in Windows. So if you catch it there in \windows
you can clean it up there first before proceeding to scan the rest of
the drive and other drives/partitions.

Regarding spyware, Spysweeper and Ad-Aware check in c: only (by default)
when scanning files, but I can set them to check d: also. Don't know what
SpyBot does because it puts up indiscernible shit in the progress window,
and I don't see any setup menus in SpyBot for setting the drives to be
scanned.

Spyware will be in and active on your main drive, so only concern
yourself with that drive. Just allow SpyBot to do its default thing

It's a good idea to learn general or generic methods of detection as
well. I won't get into any details here, but the basic idea is to use
several methods of detecting unauthorized outbound internet traffic
.... and to learn what's normal in your startup axis which includes
registry keys and startup files.

Regarding backup, removeable media should be used. I use a backup hard
drive which I can slide into a tray. It sits safely on a shelf until I
need it to restore my main drive. It's a bootable clone of my main
drive. If my main drive fails, I can be back up and running in a
minute or two. Other stuff I want to retain goes on other removeable
drives and CD.

I've found the free version of XXCLONE to be fine for reliably
creating a bootable cloned drive.

Art
http://home.epix.net/~artnpeg

 

[Pete]

Certainly malicious code can do pretty much whatever it wants. In the
case of viruses (actual file viruses ... replicative code) all active
drives or partitions are subject to having possible infected files.
Active drives and partitions can also be hiding places for malicious
code or portions of such code.


Practically speaking, you might consider antivirus scanning only
c:\windows and all its subdirectories as a routine on-demand scan.
There's no point in wearing out drives by excessive and overly
paranoid scanning. Both malware and spyware will be in and active on
your main drive, and in Windows. So if you catch it there in \windows
you can clean it up there first before proceeding to scan the rest of
the drive and other drives/partitions.

Thanks a lot Art for all the good info. I certainly am not a paranoid
scanner and only do a complete scan every so often. Both my anti-virus and
Spysweeper (Webroot) stay resident, and my pc is always clean. I basically
trust my AV and Spysweeper to pick up stuff while running resident and don't
consider it necessary to do complete scans except every couple of months or
so just as a sanity check. When I do complete scans with my AV and
Spysweeper, I also run the free AdAware and Spybot also, since they don't
take long [the damn complete scan for Spysweeper on c: is up to 12 minutes
now (used to be 4 minutes) - I think they are getting a little too big -
lol].

What I am really interested in (and confused about), is whether it is at
necessary to run a complete virus scan of my d-drive if I don't use it
(which I never have - I told you what's in it). I have gotten conflicting
opinions in other ng's and get confused. One person says sweep everything,
and a couple others say there is no need to sweep d: if I never use it and
it has already been swept and is clean (I don't see why). My logic is, even
though I don't use the d-drive (and it has been previously swept and is
clean), why couldn't a virus tell itself to go in there and wreak havoc
anyway (I hope you see what I am asking). I could not get a clear answer on
this. Could you expand on this.

Also, you mention "Both malware and spyware will be in and active on your
main drive, and in Windows". Is this always true or just true most of the
time (i.e., is it possible for a virus to go into another drive without
being active in your main drive). And, if my resident virus scanner picks
up a virus in c: and deletes it, is it always wise to *then* do a complete
scan of c: and also d: as well (even though I don't use my d-drive). I hope
I didn't get too redundant there.

Like I said in my OP I would like to stop doing complete virus scans of my
d-drive if I can be assured it is not necessary. See my question below on
spyware. Thanks for your time...Pete

Spyware will be in and active on your main drive, so only concern
yourself with that drive. Just allow SpyBot to do its default thing

Art...could you explain briefly why spyware is "only" active on your main
drive. Are you saying it is different than malware, and will never
infiltrate another drive..Pete

 

[Art]

Art wrote:

Practically speaking, you might consider antivirus scanning only
c:\windows and all its subdirectories as a routine on-demand scan.
There's no point in wearing out drives by excessive and overly
paranoid scanning. Both malware and spyware will be in and active on
your main drive, and in Windows. So if you catch it there in \windows
you can clean it up there first before proceeding to scan the rest of
the drive and other drives/partitions.

Thanks a lot Art for all the good info. I certainly am not a paranoid
scanner and only do a complete scan every so often. Both my anti-virus and
Spysweeper (Webroot) stay resident, and my pc is always clean. I basically
trust my AV and Spysweeper to pick up stuff while running resident and don't
consider it necessary to do complete scans except every couple of months or
so just as a sanity check. When I do complete scans with my AV and
Spysweeper, I also run the free AdAware and Spybot also, since they don't
take long [the damn complete scan for Spysweeper on c: is up to 12 minutes
now (used to be 4 minutes) - I think they are getting a little too big -
lol].

What I am really interested in (and confused about), is whether it is at
necessary to run a complete virus scan of my d-drive if I don't use it
(which I never have - I told you what's in it). I have gotten conflicting
opinions in other ng's and get confused. One person says sweep everything,
and a couple others say there is no need to sweep d: if I never use it and
it has already been swept and is clean (I don't see why). My logic is, even
though I don't use the d-drive (and it has been previously swept and is
clean), why couldn't a virus tell itself to go in there and wreak havoc
anyway (I hope you see what I am asking). I could not get a clear answer on
this. Could you expand on this.

I thought I did. Viruses can spread to other drives and partitions.
That's why I suggested using removable media for anything you want
to back up. Viruses can't spread to a drive sitting on a shelf
Don't use a D: partiton of your drive and you won't have to scan it

Also, you mention "Both malware and spyware will be in and active on your
main drive, and in Windows". Is this always true or just true most of the
time (i.e., is it possible for a virus to go into another drive without
being active in your main drive).

The virus dropper will be activated on your active drive. More than
likely a scan of Windows will show up the first infection. Spreading
to other drives and partitions will or may occur only when you access
files on other drives/paritions.

BTW, viruses aren't very prevalant nowdays. Today it's mostly worms,
RATs, Trojans, Backdoors, root kits, adware and spyware. That's why
av scanning Windows will tend to catch most current malware.

And, if my resident virus scanner picks
up a virus in c: and deletes it, is it always wise to *then* do a complete
scan of c: and also d: as well (even though I don't use my d-drive). I hope
I didn't get too redundant there.

That's what I already answered, so you are being redundant
Certainly you should scan other drives/ partitions whenever a
virus or any malware is found.

Like I said in my OP I would like to stop doing complete virus scans of my
d-drive if I can be assured it is not necessary. See my question below on
spyware. Thanks for your time...Pete

If you want to complelely stop having to scan it, use a separate drive
on a removeable tray instead.

Art...could you explain briefly why spyware is "only" active on your main
drive. Are you saying it is different than malware, and will never
infiltrate another drive..Pete

Spware and many malwares will alter the registry in Windows. Use will
be made of the TCP/IP stack in Windows for "calling out". Most often,
the spyware/malware executeables and supporting files will be in a
Windows folder somewhere. That's not to say that spyware/malware
_never_ or _can't_ be registered to have a portion on a different
drive/partition. As I already posted, some malware/spyware might
try to hide there. But you find that out by scanning the registry ...
which good malware/spyware scanners will do. So it's primarily
Windows that should be scanned routinely.

Again, the real answer to your question of avoiding scanning your
d: partition complelely is to not have it all. Use removeable media.

Art
http://home.epix.net/~artnpeg

 

[Dave Cohen]

Art wrote:

Practically speaking, you might consider antivirus scanning only
c:\windows and all its subdirectories as a routine on-demand scan.
There's no point in wearing out drives by excessive and overly
paranoid scanning. Both malware and spyware will be in and active on
your main drive, and in Windows. So if you catch it there in \windows
you can clean it up there first before proceeding to scan the rest of
the drive and other drives/partitions.

Thanks a lot Art for all the good info. I certainly am not a paranoid
scanner and only do a complete scan every so often. Both my anti-virus
and
Spysweeper (Webroot) stay resident, and my pc is always clean. I
basically
trust my AV and Spysweeper to pick up stuff while running resident and
don't
consider it necessary to do complete scans except every couple of months
or
so just as a sanity check. When I do complete scans with my AV and
Spysweeper, I also run the free AdAware and Spybot also, since they don't
take long [the damn complete scan for Spysweeper on c: is up to 12 minutes
now (used to be 4 minutes) - I think they are getting a little too big -
lol].

What I am really interested in (and confused about), is whether it is at
necessary to run a complete virus scan of my d-drive if I don't use it
(which I never have - I told you what's in it). I have gotten conflicting
opinions in other ng's and get confused. One person says sweep
everything,
and a couple others say there is no need to sweep d: if I never use it and
it has already been swept and is clean (I don't see why). My logic is,
even
though I don't use the d-drive (and it has been previously swept and is
clean), why couldn't a virus tell itself to go in there and wreak havoc
anyway (I hope you see what I am asking). I could not get a clear answer
on
this. Could you expand on this.

I thought I did. Viruses can spread to other drives and partitions.
That's why I suggested using removable media for anything you want
to back up. Viruses can't spread to a drive sitting on a shelf
Don't use a D: partiton of your drive and you won't have to scan it

Also, you mention "Both malware and spyware will be in and active on your
main drive, and in Windows". Is this always true or just true most of the
time (i.e., is it possible for a virus to go into another drive without
being active in your main drive).

The virus dropper will be activated on your active drive. More than
likely a scan of Windows will show up the first infection. Spreading
to other drives and partitions will or may occur only when you access
files on other drives/paritions.

BTW, viruses aren't very prevalant nowdays. Today it's mostly worms,
RATs, Trojans, Backdoors, root kits, adware and spyware. That's why
av scanning Windows will tend to catch most current malware.

And, if my resident virus scanner picks
up a virus in c: and deletes it, is it always wise to *then* do a complete
scan of c: and also d: as well (even though I don't use my d-drive). I
hope
I didn't get too redundant there.

That's what I already answered, so you are being redundant
Certainly you should scan other drives/ partitions whenever a
virus or any malware is found.

Like I said in my OP I would like to stop doing complete virus scans of my
d-drive if I can be assured it is not necessary. See my question below on
spyware. Thanks for your time...Pete

If you want to complelely stop having to scan it, use a separate drive
on a removeable tray instead.

Art...could you explain briefly why spyware is "only" active on your main
drive. Are you saying it is different than malware, and will never
infiltrate another drive..Pete

Spware and many malwares will alter the registry in Windows. Use will
be made of the TCP/IP stack in Windows for "calling out". Most often,
the spyware/malware executeables and supporting files will be in a
Windows folder somewhere. That's not to say that spyware/malware
_never_ or _can't_ be registered to have a portion on a different
drive/partition. As I already posted, some malware/spyware might
try to hide there. But you find that out by scanning the registry ...
which good malware/spyware scanners will do. So it's primarily
Windows that should be scanned routinely.

Again, the real answer to your question of avoiding scanning your
d: partition complelely is to not have it all. Use removeable media.

Art
http://home.epix.net/~artnpeg

Just add these comment: A removeable hd was a good solution but today a usb
hd or dvd burner is a better buy. Some people go for a usb enclosure but I
don't find this cost effective.
I keep system and programs on c. Have multiple volumes in an extended
partition for data. Both are well backed up using image backup for c.
Bootitng from www.terabyteunlimited.com is a good multi function utility.
Dave Cohen

 

[Art]

Again, the real answer to your question of avoiding scanning your

Just add these comment: A removeable hd was a good solution but today a usb
hd or dvd burner is a better buy. Some people go for a usb enclosure but I
don't find this cost effective.
I keep system and programs on c. Have multiple volumes in an extended
partition for data. Both are well backed up using image backup for c.
Bootitng from www.terabyteunlimited.com is a good multi function utility.

I like using removeable drive trays since I've wound up with many
spare hard drives over the years that I can use for various
kinds of backup. Hard drives are far more reliable than CDs. The used
ones I use for backing up are all first tested for reliability using
utils from the drive vendors. These used drives receive little wear
and tear. So from a economics (and reliability) POV I'm ahead of the
game by using my "retired" former drives from "retired" machines

Art
http://home.epix.net/~artnpeg

 

[Pete]

Art wrote:

Practically speaking, you might consider antivirus scanning only
c:\windows and all its subdirectories as a routine on-demand scan.
There's no point in wearing out drives by excessive and overly
paranoid scanning. Both malware and spyware will be in and active
on your main drive, and in Windows. So if you catch it there in
\windows you can clean it up there first before proceeding to scan
the rest of the drive and other drives/partitions.

Thanks a lot Art for all the good info. I certainly am not a
paranoid scanner and only do a complete scan every so often. Both
my anti-virus and Spysweeper (Webroot) stay resident, and my pc is
always clean. I basically trust my AV and Spysweeper to pick up
stuff while running resident and don't consider it necessary to do
complete scans except every couple of months or so just as a sanity
check. When I do complete scans with my AV and Spysweeper, I also
run the free AdAware and Spybot also, since they don't take long
[the damn complete scan for Spysweeper on c: is up to 12 minutes now
(used to be 4 minutes) - I think they are getting a little too big -
lol].

What I am really interested in (and confused about), is whether it
is at necessary to run a complete virus scan of my d-drive if I
don't use it (which I never have - I told you what's in it). I have
gotten conflicting opinions in other ng's and get confused. One
person says sweep everything, and a couple others say there is no
need to sweep d: if I never use it and it has already been swept and
is clean (I don't see why). My logic is, even though I don't use
the d-drive (and it has been previously swept and is clean), why
couldn't a virus tell itself to go in there and wreak havoc anyway
(I hope you see what I am asking). I could not get a clear answer
on this. Could you expand on this.

I thought I did. Viruses can spread to other drives and partitions.
That's why I suggested using removable media for anything you want
to back up. Viruses can't spread to a drive sitting on a shelf
Don't use a D: partiton of your drive and you won't have to scan it

Also, you mention "Both malware and spyware will be in and active on
your main drive, and in Windows". Is this always true or just true
most of the time (i.e., is it possible for a virus to go into
another drive without being active in your main drive).

The virus dropper will be activated on your active drive. More than
likely a scan of Windows will show up the first infection. Spreading
to other drives and partitions will or may occur only when you access
files on other drives/paritions.

BTW, viruses aren't very prevalant nowdays. Today it's mostly worms,
RATs, Trojans, Backdoors, root kits, adware and spyware. That's why
av scanning Windows will tend to catch most current malware.

And, if my resident virus scanner picks
up a virus in c: and deletes it, is it always wise to *then* do a
complete scan of c: and also d: as well (even though I don't use my
d-drive). I hope I didn't get too redundant there.

That's what I already answered, so you are being redundant
Certainly you should scan other drives/ partitions whenever a
virus or any malware is found.

Like I said in my OP I would like to stop doing complete virus scans
of my d-drive if I can be assured it is not necessary. See my
question below on spyware. Thanks for your time...Pete

If you want to complelely stop having to scan it, use a separate drive
on a removeable tray instead.

Art...could you explain briefly why spyware is "only" active on your
main drive. Are you saying it is different than malware, and will
never infiltrate another drive..Pete

Spware and many malwares will alter the registry in Windows. Use will
be made of the TCP/IP stack in Windows for "calling out". Most often,
the spyware/malware executeables and supporting files will be in a
Windows folder somewhere. That's not to say that spyware/malware
_never_ or _can't_ be registered to have a portion on a different
drive/partition. As I already posted, some malware/spyware might
try to hide there. But you find that out by scanning the registry ...
which good malware/spyware scanners will do. So it's primarily
Windows that should be scanned routinely.

Again, the real answer to your question of avoiding scanning your
d: partition complelely is to not have it all. Use removeable media.

Thanks again Art...I already made a complete copy of my d-drive (which
contains the recovery system) on two DVD's (as recommended by the pc
manufacture) when I first got my pc. So I guess thats good enough. *Is
that correct*. I don't understand this stuff like you guys do. Could
malware prevent you from using a rescue disk, or boot disk, or recovery disc
(ie disable the use of the CD/DVD drive). Sorry if thats a dumb
question...Pete

 

[Hoosier Daddy]

Hi Everyone...I have a couple of questions. I use xpsp2, home edition.

Can viruses and spyware infect any and all drives on your pc or is it
basically the main drive (in my case c where you are in when you receive
the culprit from the web, etc. I would think a virus can give itself any
instructions it wants to, once in your system. Dunno about spyware.

They are both programs running with the privileges of the currently
logged in user (or worse) and can access all drives and partitions
the user can.

On this line of thought is it necessary for me to scan both my c-drive and
my d-drive with my virus scanner (which it does unless I set it not to, and
it takes a long time), or would scanning c: be good enough. My d-drive is
the partition for the windows recovery system on my xp (which also includes
all applications that came from the factory). It takes almost as long to
scan d: as c:

If the drive has code that can be infected (that is it is not being protected
from user access by the OS or by being encrypted so that they are not
recognizeable as suitable for infection) then there is no reason a virus
can't infect code there.

Regarding spyware, Spysweeper and Ad-Aware check in c: only (by default)
when scanning files, but I can set them to check d: also.

One thing about this is that spyware often installs itself by creating files
and using the registry to call them. Most often thetre will be something
to find in the boot drive. Some viruses OTOH just hide within a program
file and run when and if the host program file is called upon to run. Such
a virus would be perfectly happy to hide in your d drive or partition in
an executable file.

Please try to address my questions separately (one for viruses, and one for
spyware). Basically I am asking would it be safe to just scan my c-drive.

It is highly unlikely that your d drive or partition will get infected by something
that your AV missed when it was actively scanning (on-access) and yet was
capable of detecting when the drive is scanned on-demand or during a startup
scan. It would either prevent the infection in the first place or miss it in both the
first and second place. To me, "highly unlikely" isn't good enough and I would
scan all drives periodically. The "unlikely" could be a new virus that has, since
infecting your d drive, now been added to the list of detectable viruses of your
AV program. Also, the first generation virus (even of an old detectable virus)
is often undetectable by AV.

 

[Hoosier Daddy]

The virus dropper will be activated on your active drive. More than
likely a scan of Windows will show up the first infection. Spreading
to other drives and partitions will or may occur only when you access
files on other drives/paritions.

Are you sure you meant to say that?

Some viruses will search for and infect files on drives or partitions
other than the one containing the virus program file. It is true that
some viruses do as you say and will only infect files as you access
them, or other files in another partition or drive you access while the
virus is resident.

 

[Art]

Are you sure you meant to say that?

Some viruses will search for and infect files on drives or partitions
other than the one containing the virus program file. It is true that
some viruses do as you say and will only infect files as you access
them, or other files in another partition or drive you access while the
virus is resident.

Be interesting to read description(s) of the kind of file infectors
you describe ... especially if any are in circulation today. No doubt
you're right ... it's been years since I've been concerned with file
viruses. Seems like all the malware nowdays is everything but file
infectors ... though I vaguely remember some combo malware
not too long ago.

Art
http://home.epix.net/~artnpeg

 

[Art]

Thanks again Art...I already made a complete copy of my d-drive (which
contains the recovery system) on two DVD's (as recommended by the pc
manufacture) when I first got my pc. So I guess thats good enough. *Is
that correct*.

Two copies would be better. As I've said, hard drives are far more
reliable.

I don't understand this stuff like you guys do. Could
malware prevent you from using a rescue disk, or boot disk, or recovery disc
(ie disable the use of the CD/DVD drive). Sorry if thats a dumb
question...Pete

Malware is inactive when you boot up to a alternate OS via diskette
or CD. Doing a av scan after such a bootup is sometimes called a
"formal scan" and it's always the best approach. A compromise approach
is to boot up into Safe mode since only minimal Windows stuff is then
loaded. Scanning while in Windows is always at least somewhat "iffy".

Art
http://home.epix.net/~artnpeg

 

[Pete]

They are both programs running with the privileges of the currently
logged in user (or worse) and can access all drives and partitions
the user can.


If the drive has code that can be infected (that is it is not being
protected
from user access by the OS or by being encrypted so that they are not
recognizeable as suitable for infection) then there is no reason a
virus
can't infect code there.


One thing about this is that spyware often installs itself by
creating files
and using the registry to call them. Most often thetre will be
something
to find in the boot drive. Some viruses OTOH just hide within a
program
file and run when and if the host program file is called upon to run.
Such
a virus would be perfectly happy to hide in your d drive or partition
in
an executable file.


It is highly unlikely that your d drive or partition will get
infected by something that your AV missed when it was actively
scanning (on-access) and yet was
capable of detecting when the drive is scanned on-demand or during a
startup
scan. It would either prevent the infection in the first place or
miss it in both the first and second place. To me, "highly unlikely"
isn't good enough and I would
scan all drives periodically. The "unlikely" could be a new virus
that has, since infecting your d drive, now been added to the list of
detectable viruses of your
AV program. Also, the first generation virus (even of an old
detectable virus)
is often undetectable by AV.

Hoosier...thank you very much for all the good info. I'm not up on this
stuff like you guys are, so I ask questions that are largely based on my
common sense, and my limited knowledge about the subject in general.

I liked your other comment in your response to Art also (ie, "Some viruses
will search for and infect files on drives or partitions other than the one
containing the virus program file"). That is kind of what I was getting at.
Like I told Art in my last response to him, I have my d-drive on two DVD's,
so I should be safe anyway, but I will scan it every so often and not worry
about it too much .

Pete

 

[Pete]

Two copies would be better. As I've said, hard drives are far more
reliable.


Malware is inactive when you boot up to a alternate OS via diskette
or CD. Doing a av scan after such a bootup is sometimes called a
"formal scan" and it's always the best approach. A compromise approach
is to boot up into Safe mode since only minimal Windows stuff is then
loaded. Scanning while in Windows is always at least somewhat "iffy".

Art
http://home.epix.net/~artnpeg

Thanks Art...Pete

 

[Art]

It is highly unlikely that your d drive or partition will get infected by something
that your AV missed when it was actively scanning (on-access) and yet was
capable of detecting when the drive is scanned on-demand or during a startup
scan.

Not "highly unlikely" at all due to the reactive nature of av
scanning. With realtime monitors, you're stuck with the "opinion" of
only one av ... and too often that av isn't the best.

It would either prevent the infection in the first place or miss it in both the
first and second place. To me, "highly unlikely" isn't good enough and I would
scan all drives periodically.

If you ever find anything while wearing out your drives in that
fashion, you're doing something wrong Far better to learn and
practice safe hex. I'm serious. I've never taken a hit. I have to
keep telling myself to quit taking risks ... I'm far too cocky about
some of the things I do on the internet. And I never use realtime
av.

The continual issue I deal with myself is that I don't want to clone
my bootable backup drive until I'm quite sure I'm clean. Ideally, I
would stay off line for a few days, and then update my scanners
and scan ... plus my series of generic tests. Then and only then
would I re-clone my drive.

In practice, I don't stay inactive on the internet for a few days
before re-cloning. Before using the cloned drive to restore my
main drive, or portions of it, I scan the cloned drive. That takes
care of the "day zero" problem since it's always a long time between
restores. I sometimes wreck Windows by screwing around with it
too much, so I restore to fix my own messes rather than those
created by malware

Art
http://home.epix.net/~artnpeg