Thanks,
The trim_on_minimize feature seems to work in the same way as in Opera, it purges the process working sets by writing the dirty pages into the page file.
By explicitly freeing physical memory pages, this helps the braindead Windows page replacement algorithm, that does not even handle the LRU (Least Recent Used) algorithm in memory page replacement.
I stayed on FF 12.0 where all the most valuable addons still work. Some sites complained that I needed to upgrade the browser, so I changed the user agent string to:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0
and told Firefox to stop updating. Here's how:
I run XP in virtual mode on VirtualBox in Ubuntu 10.04.4. A complete backup of the main XP vdi takes around 30 seconds, so I tend to do it often. If I do something stupid like install a bad program, or in the event that malware has downloaded itself, I simply save the current data files and overwrite the main vdi with the backup file. This takes only seconds. But I have had zero problems with malware.
I can send the vdi files to backup computers and have byte-identical copies running even though the motherboards, monitors, disk drives and everything else are completely different. You cannot do these things with an ordinary Windows installation.
I stay on XP due to compatibility problems with Win7. I don't waste time on antivirus programs that have low probabilility of detection and simply eat up cpu cycles and disk space.
I use Proxomitron to prevent malware from downloading, and System File Checker from Win98 to verify that none of the system files have been altered and there are no new files in any of the critical directories. I can also run Sysutils RootkitRevealer and similar programs to verify there are no rootkits installed. If malware tried to install in the boot sector, it would overwrite the Linux bootloader and I would have to reinstall Ubuntu.
I split Ubuntu into system files and a Home directory. Whenever I really screw up and have to reinstall Ubuntu, it only affects the root files. None of my setup and config files are harmed, and everything returns exactly the way I left it.
I can also copy all the Ubuntu configuration and setup to the backup computers so they are identical to my main computer. I never have to waste time fiddling with fonts, colors, system settings, or anything else to do with setting up the computers.
This is the way computing should be. No time wasted on silly configuration setups, hopelessly checking for malware, and no reinstallation of Windows that overwrites your data and program files.
Cool. Links to this:
I fetched two small add-ons and got it to be at least usable.
I can now actually see all the text, and see the tabs!
But it still sucks.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation
I just "retreated" to v26 and checked "Never check for updates". ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
This is a little better. Tabs on the bottom, not-hideous back/fwd arrows on the left.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation
You might want to check out the security fixes since v26 to see if that's really a good idea.
Those who would give up essential security to obtain a little temporary convenience deserve neither security nor convenience. (Apologies to Ben Franklin).
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
My SOP is super-locked-down, so I'm not worried... I don't, by default, allow anything. ...Jim Thompson
--
| James E.Thompson | mens |
| Analog Innovations | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| San Tan Valley, AZ 85142 Skype: Contacts Only | |
| Voice:(480)460-2350 Fax: Available upon request | Brass Rat |
| E-mail Icon at http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
29 seem faster to me, too. And maybe it will have less memory-leak pollution.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation
All the latest updates are not going to help against a 0-day. You also have Flash exploits and embedded malware to worry about, plus all the latest techniques criminals use to hijack your computer.
Antivirus programs don't help and never will. They have a built-in conflict of interest. If they work 100%, they put themselves out of business.
The trick is to find a fast, reliable way to detect if you have been compromised. Then you need a quick way to overwrite the bad installation with a known good one. Update your data (LTspice, personal notes, etc.) and you are back in business.
Unfortunately, that is difficult or impossible to do with ordinary Windows installations.
I posted the solution earlier in this thread.
My PCs have hot-plug RAID drives. I occasionally pull out a drive and stick it in a baggie, and plug in a new one, which gets totally cloned in an hour or two. The drive in the baggie is my total system backup, OS and apps and all. If the current system gets corrupted, or even if the PC catches fire, I can nab another box from down the hall, plug in the drive from the baggie, and be up again in 10 minutes.
Work in progress gets backed up to servers and a Nexstar USB drive and Dropbox.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation
True. I'm doing battle with one that installs about 10 assorted worthless applications on the machine. These are easily removed, but waste an hour of my time. It seems to be coming from a browser originated fake Adobe Flash update announcement that I've been told looks very much like the real thing. It only gets worse.
True. However, the same could be said for medicine, auto repair, and anything with an inordinately long useful life. Lifestyle medicines and software updates are quite similar. Unfortunately, I'm in the same situation. One of the ways I support my decadent and lavish lifestyle is by playing computer consultant. I've been doing it for about 30 years and have accumulated a substantial clientele of users that do not want to anything in the name of security. If I ever am able to find the ultimate security software package, or permanent security fix, I would be out of business. So, I do image backups and clean up the mess as best I can.
True. Most virus scanners are useless at preventing infections, but are tolerable at finding an infection AFTER the machine is already infected. However, cleaning up the mess has become a major time drain and there's no guarantee that it was completely successful. I had to clean up one badly infected machine 3 times in a week before I got rid of everything.
True. However, I'm not going to setup VM's (virtual machine) on all my customers systems. The best I can do is make it easy to recover. I do image backups mostly with Acronis True Image 2013. It takes about
30 mins on most Windoze desktops. If the machine is trashed, and there's a recent backup, I copy off the recent data (by date), restore the image backup, copy back the data, and I'm mostly done. It's not perfect, but it's good enough because it takes less time than a thorough cleaning.I saw that and read it with interest. I don't think any of my customers are interested in running a VM. I tried it with VMware and ran into problems with copy protection and licensing both of which check if the program is running on a VM. Besides, you're doing exactly the same think I'm doing. A VM image file is much the same as a disk image backup.
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
Bad idea(s). RAID and I have a long history of problems. One server, which was running 5 drive array using RAID 0+1 (mirroring and striping with a 5th drive for parity) started losing one drive at a time in roughly 1 week intervals. Drives that are identical tend to have identical lifetimes. Mixing drive models and types eliminates that problem, but seems to create performance issues.
I did the swappable drive shuffle before cheap terabyte memory was available. The problem was that you don't want your backup to be live and writeable. You also want more than one backup if possible. For example... Customer adds some defective RAM to a machine, which scribbles all over the hard drive. Not realizing what was happening, he grabs the backup drive array, inserts it into the same machine, and now has both the live and backup drive arrays trashed with no backup. I have other examples such as taking home the backup and overheating and/or beating the drive to death in car. In single drive systems, plugging in the backup drive on the same IDE or SCSI bus as the original drive to clone the drive, with both drive set as master or with the same SCSI ID, will usually result in two trashed drives.
In other words, what you're doing is too risky. I suggest you run image backups either to a USB 3.0 attached drive, or over the (gigabit) network to server. Alternate USB drives so that you have multiple backups of each machine. Between image backups, use a continuous backup program such as Memeo: or just backup your work in progress as you've been doing. (I don't like Memeo, but it's the least disgusting solution that I've used.)
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
What version of RAID?
From Wikipedia:
RAID 0 (also known as a stripe set or striped volume) splits data evenly across two or more disks.
RAID 1 An exact copy (or mirror) of a set of data on two disks.
RAID 5 requires that all drives but one be present to operate. Upon failure of a single drive, subsequent reads can be calculated from the distributed parity such that no data is lost. RAID 5 requires at least three disks.
RAID 2, 3, and 4 are rarely used.
How many drives are in your RAID installation?
How do you reconstruct an entire RAID installation from a single drive?
Bonus Questions:
How do you detect if you have been compromised?
Do you do online banking on your RAID installation?
Do you connect to the LAN with your Windows installation?
If so, what do you do with malware that searches the LAN and infects every installation on the LAN?
None of these problems exist with the solution I proposed.
Yes, R1. I can pull one drive out, live with everything running, and plug that drive into an identical box, boot it, and now both boxes are running all the same stuff.
The C: drive is dual, raid 1. And I have a single D drive, which I use for project backups, old data sheets, like that. I added a terabyte USB drive, so I don't use D much any more.
Boot with one drive plugged in. After it's up, plug in another drive. The raid controller immediately starts mirroring to the new drive. Works great. Once they are sync'd, in an hour or two, you can pull either one, and it has the full system image on it.
You mean viruses? I run the Microsoft malware tool now and then. I've never found anything. We have a professional firewall, and I don't visit dodgey web sites or open silly emails.
Seems to work.
The PCs are all identical HP ProLiants, most everything redundant, brutally reliable. We must have 60 or so machine-years on them so far, no problems.
No.
Sure.
Hasn't happened so far. I've been told it can't happen.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation
Thanks for the reply and comments. I tried VMware and found too many problems. Also they blanket you with spam to try to get you to upgrade. I had to kill the email address to get it to stop. The MS version simply would not work.
Yes, you are right. The vdi file contains the complete installation plus your programs and data. The trick is you can put the complete installation for XP in less than 3 GB. This makes backup very fast, perhaps 30 seconds or less, which means you can afford to do it often. Recovery takes the same amount of time.
You can add other large vdi's to hold all the pdf datasheets, music, and other files. These are not normally affected by malware that only wants to install a keylogger and get your financial logon info.
The real advantage is you can use the System File Checker from Win98 to verify the size and CRC32 of all the critical files. It will tell you if a file has been altered or if a new one has been added. RootkitRevealer tells if someone installed a rootkit or tried to hide a file. So you get malware both ways - if it doesn't try to hide, SFC gets it. If it does try to hide, RR gets it.
SFC will not work on Win 7. There is a hidden directory that you cannot access, and SFC aborts as soon as it hits it. Also, Win 7 has a full 6 GB of every dll MS ever released. This means you need around 10 GB for the vdi file, which takes longer to back up.
Other advantages of the Virtualbox approach are you can distribute the vdi files to other backup computers and they will work fine even when the motherboards and other hardware are completely different. Windows will not allow you to do that.
You can have as many different Windows installations as your memory will allow. This means you can have a banking vdi for all financial transactions. It is stripped completely of all programs that are not needed for banking, such as email, LAN, USB, Flash, and anything else that can provide a vector for infection.
This means you can do online banking with few worries even if the main vdi has been compromised and you have not noticed yet. The malware cannot cross the barrier between installations unless it is specially crafted to know exactly how you have done the complete installation. Most malware aborts and shuts down as soon as it detects you are running in a vm in order to avoid prosecution.
As you point out, customers are simply not interested in security. They have no way to relate to the damage malware can inflict.
They may change their mind after they have been hit and their bank accounts have been wiped out.
That requires identical boxes. VirtualBox allows you to use any system you have laying around.
Backup is something like 30 seconds, so it is easy to do. I suspect backing up to a server or Dropbox will take much longer. So you won't do it as often.
But you will never know for certain. Hell of a way to run a multimillion dollar business.
Who told you that? It's what the malware is designed to do.
I have a throw away email address I use for registering software which largely acts as a bit bucket. I haven't tried VirtualBox mostly because I don't like Oracle and Larry Ellison. I guess I should swallow my pride, ignore the politics, and try it.
We have different ideas of what constitutes a complete installation. In my case, I have to deal with software that saves its data under the Program Files directory, uses the root directory for temp files, scatters configuration, lock, and transaction files everywhere possible, and even uses *.ini files. Such abominations are common in custom industry specific software. I could probably get away with a
3GB Windoze install on a cash register or thin client, but not the typical Windoze 8.1 plus Office Home and Student desktop, which weighs in at about 35GB for the basic installation.What saves the day is USB 3.0 and cheap terabyte drives. With USB
2.0, I'm getting about 500 MBytes/minute or about 30GB/hour. With USB 3.0 about 2-3 GBytes/minute or about 120-180 GBytes/hour. I'm about to try it on a very fast laptop with an SSD, which should be even faster.The speed is adequate for convincing most recalcitrant users that backing up will not have a major impact on their social schedule. The problem is that most of the backup programs that actually work require booting from a CD or flash drive. They also require a question and answer ordeal process before starting. I have a script for the user to follow, but that has failed badly a few times. I'm trying to automate Acronis True Image 2013, but don't have the time to deal with all the complications (i.e. backup over the LAN to an NAS box).
True, but the malware that worries me the most is ransomware that encrypts the users files and demands a ransom for the decryption key. Loss of data is potentially far more destructive than the loss of a day or three putting the Microsoft puzzle back together.
I never thought to try that. Thanks.
Yep, except I don't have that problem and really need to keep each machine fairly personalized. I have customers with maybe a dozen machines, no two of which are identical. However, it's a good idea if you have machines that are fairly similar. It's what Microsoft was trying to do with the HCL (hardware abstraction layer) and made a mess of it. I'm still having problems with IDE, IDE emulation, and AHCI disk driver, all of which have a different HALxxxx.dll.
Worse. They pay me to take care of their security. Security by remote control might be possible in a locked down corporate environment, but that doesn't work in my small time environment. HIPAA is another horror that so far I've side stepped. In other words, one solution doesn't it all the different types of customers.
Nope. Lighting and malware both do strike twice in the same place. The same bad habits that caused the first infection, often continue forever. I have several clueless friends that still don't understand that they really haven't won some free cash and to not click on such emails.
-- Jeff Liebermann jeffl@cruzio.com 150 Felker St #D http://www.LearnByDestroying.com Santa Cruz CA 95060 http://802.11junk.com Skype: JeffLiebermann AE6KS 831-336-2558
Another approach is to boot a live CD for online banking.
Cheers
Phil Hobbs
-- Dr Philip C D Hobbs Principal Consultant ElectroOptical Innovations LLC Optics, Electro-optics, Photonics, Analog Electronics 160 North State Road #203 Briarcliff Manor NY 10510 hobbs at electrooptical dot net http://electrooptical.net
Think of a RAID 1 pair as a single, very reliable drive. Which it is.
Sure.
Automatic backups. Nothing wrong with that.
Windows' right-click menu puts Delete right next to Rename, so once in a while I get the wrong one. But I know it immediately, and the file is in Trash, so I go get it back.
I haven't lost a file in years. My problem is that I have too many files, especially pictures and email.
VCSs scare me. I let my guys use them, but everything has to be fomally released as real standalone files. I have no faith that the VCS will be up ten years from now. I don't use VCS myself.
We do a rolling backup of our servers every night, weekly cycle. Once a week we dump them to memory sticks in cool threaded metal tubes, and stash the backups in various places in California, above different earthquake faults.
-- John Larkin Highland Technology Inc www.highlandtechnology.com jlarkin at highlandtechnology dot com Precision electronic instrumentation
Git is open-source and runs everywhere. No GUI nonsense, so there's no reason your remote descendants couldn't run it 50 years from now. Plus the latest version is always present as normal files in the filesystem.
Cheers
Phil Hobbs
-- Dr Philip C D Hobbs Principal Consultant ElectroOptical Innovations LLC Optics, Electro-optics, Photonics, Analog Electronics 160 North State Road #203 Briarcliff Manor NY 10510 hobbs at electrooptical dot net http://electrooptical.net
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.