In a room with a white ceiling

With viruses, it has become difficult. Exploits are tricky. Antiviruses help of course, but they load the car, and the reliability of operation does not allow you to relax. But that's okay, viruses are external factors. And the OS itself? The winsxs section cannot be cleaned (I found only one half-working tool), it grows at 1 gig per month and its size, due to solid links, is a complete lie. The registry is full of dirt from all kinds of left, half and very right programs. And no one can clean it qualitatively either.

Once I realized that it would not be better, this is technology. Regular cleanings do not help, antiviruses are silent. I had to look for another way. A year ago, the output was installed and tested. Also, in general, technology, the matter is not limited to one action. But once tuned - yes, you can really relax. Nothing fundamentally new, I just had the patience to finish the job. Next is a description.

Ideology:
The system drive must be untouchable. One continuous "sandbox" with a return to ideal when rebooting. Those. any program does anything with the system, at least defrag, at least format c: / u / y. But it is worth rebooting, or starting a “rollback” and everything will return back. This is the most significant moment, all the rest of the dancing will be around him. There are a fair number of programs for implementation, I personally, after several experiments, settled on DeepFreeze , but there are also Shadow Defender , Comodo TimeMachine , etc. On the board there is a comparison and a complete list .

So, first you need to completely reinstall the system. And no other way. For “freezing” the system not only needs to be clean, it would still be nice to clean and configure it after installation, then it will be more difficult. I have WinTools for this , but it's a matter of taste. And now, we have a newborn system, fast, like a car, with completely disabled unnecessary services (such as backup and updates), a cleaned sheduler and all the drivers.

Further troubles begin. Because the system disk will be “frozen”, user profiles (Documents, Downloads, settings) must be transferred to another. I move the Users directory (for W7) as a whole, it's easier. Due to the large number of hardlinks inside it, normal copying does not work here. I must say that W7 did not find its own tool for continuous copying of this kind, but others have it, though in the singular. It is called xxcopy . And of course, this copying is only possible when booting from an external system. A flash drive, a CD - it doesn’t matter if it is possible to install and run “xxcopy c: \ Users d: \ Users / BU / SC” (BU is a backup / SC - copying ACL attributes remarks PaulZi).

After that, you need to explain to Windows that its profiles are in another place, i.e. replace all entries in c: \ Users with d: \ Users in the registry. Here, too, is trouble. Of all the registry editors that I tried (more than 10), only Registry Workshop does this in full and the profile really moves. The rest, including the most fashionable and popular ones, do this work poorly and the old profile continues to be partially used. I usually immediately rename c: \ Users to c: \ Userd_Old immediately after the replacement and check if W7 did not create it again after rebooting, so everything is done correctly. This is a thin place, here you can easily bury a freshly installed system, but you don’t need to worry, no matter how you tweak the registry, you can roll back the changes and return the directory to its old place.

The rest is a matter of technology. It is necessary to roll on a clean operating system all the programs required for life, but with one remark. Do not forget - the system disk will be “frozen” and it is better to install some programs immediately somewhere else. I make a d: \ Programs directory for myself and put everything I can - there. The exceptions are programs that require their own drivers, MSOfis (where without it), a firewall and anti-AIDS. The rest is in d :. This is not a dogma, you can get everything on the c: \ drive, there are practically no programs that save their settings in .ini files (which is a pity). Firefox runs in a portable version with a cache on RAMDrive. Opera and Chrome can be launched in the same way (I use them only for debugging). And in general - almost everything that is necessary in life works in portable versions. This saves the system and restore easier if that.

And the last one. All Temp directories, both global and local user ones, are transferred to RAMDrive faster and safer, a random malware dies after a reboot. This is also not a dogma, just an extra touch. Unfortunately, the only normal RAMDrive ( VSUite ) is paid, the rest, despite all the declarations, are not able to dynamically increase memory.

That's all. The system is configured, the programs are installed, you can install and enable the "freeze". I will only add that the system disk in this case does not need to be made large. 10 gigs is more than enough. You can install new programs later - the “freeze” is removed, the program is installed, the “freeze” is returned. The main thing is not to sit for a long time with the frieze turned off, the garbage accumulates by itself, and it can no longer be removed.

I have anti-virus installed. MCAfee Enterprize. Catches cracks mainly. On half of the machines in the office there is no antivirus at all, since the practice of infection attempts has shown that with such a system rarely what kind of virus survives after a reboot, and if it survives, it is not blocked by the operating system and its body lies in open and defenseless access buried somewhere in profile.

In conclusion. Several cars made by this system have been living with me since February last year. All are as beautiful and clean as they were then. Yes, users had to explain in half with blood that the root of the drive with: \ is not the place where it is convenient to take pictures. After losing a couple of files, it dawned on them. Yes, updates have to be rolled manually. But now I'm resting. A lot and usefully. Well, even the time was found for the article.

Also popular now: