Author Topic: Can a recovery partition be infected?  (Read 3276 times)

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Can a recovery partition be infected?
« on: March 27, 2010, 04:56:24 AM »
I thought this article explained the reasons why you should insist on a Windows Installation CD from the manufacturer that anyone can understand.  He even described what should be done if the manufacturer refuses to provide it for you.  
Quote
Can a recovery partition be infected?

Ask Leo, 19 March 2010 - Newsletter

Summary: A recovery partition is often just another visible area on your hard drive, and is at risk for several types of issues including malware infections.

Many of the new computers make a "D" partition that holds the equivalent of a Restore Disk, that used to be common practice to come with a new machine. My question is: if a machine is contaminated with viruses and/or malware, is the "Rebuild Partition" also infected?

Is it affected? Maybe, maybe not. It varies.

Can a recovery partition be infected? Absolutely.

Add that to my long list of why I dislike recovery partitions, and typically get rid of them - after doing a couple of things first.

One of the ways that computer manufacturers save money when building computers is to include less with them. Fewer disks to be shipped means lower cost for the manufacturer, and in turn lower costs to you. While the disks might seem inexpensive, when you ship thousands or millions of computers, even those small costs add up.

The problem is that the saving you some money this way often creates a different cost - in risk.

I've talked a lot about how manufacturers often don't include a Windows installation disc any more. All they give you is the pre-installed version of Windows on the machine, and a "recovery" disk. The recovery disk can't be used to install Windows, but it can be used to boot and recover or repair Windows in many circumstances.

Note that I said "many", not all. More on that in a moment.

For some time, the manufacturers have been placing the recovery disc contents on your hard disk - some times in addition to the actual disc, and apparently more frequently instead of the disc. It's often an additional partition; frequently drive D: if it's visible at all. The recovery CD, if provided, uses the information in the recovery partition, and if there's no CD there's typically a way to boot from that recovery partition.

The result is the same: you can "recover" (but not reinstall) Windows to some initial presumably repaired state. (There's actually no standard as to what a recovery should include.)

More.........

http://ask-leo.com/can_a_recovery_partition_be_infected.html
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light

Offline Predator

  • Dell Support Group
  • Bronze Member
  • Posts: 85
    • Help with Optical Drives
Re: Can a recovery partition be infected?
« Reply #1 on: March 30, 2010, 06:19:20 AM »
Very nice reading F-M, thanks for the post.

Jeff
God, grant me the senility to forget the people I never liked anyway,
the good fortune to run into the ones I do and the eyesight to tell the
difference.