So this Windows user profile just... disappeared.

[Jayce]

As a tech, I have always used Clonezilla Live to make a backup of the entire disk prior to me touching a computer. That way if something tanks, I can bring it back to how it was from the beginning.

My buddy is also a tech, but didn't use Clonezilla on this particular system. A friend of his came to him with a laptop running Vista. It was having a printer issue. Simple enough, right? He uninstalled the printer and reinstalled it. When trying to reinstall it, it was hanging. Ultimately he found Norton was interfering with it, so he uninstalled Norton.

He booted back up only to find the entire user profile deleted. Everything is just gone. He ran a recovery within Vista to try and knock it back to how it was prior but it didn't take.

He fired up an Ubuntu LiveCD and let me remote in. I ran disk usage analyzer on it and a few other utilities. Ultimately, there's no personal data on that drive. No Windows.old folder, nothing in temp. Nadda. Not a single trace of any *.mp3 file, doc file, jpg, anything. It's just gone.

Dear Vista - What the ****?

He's going to fire up a forensics LiveCD and see if he can recover anything off of it. But I have to wonder, what in the world happened? I find it VERY strange a profile can just, oops. byebye.

 

[KSoD]

I would look to Norton for this one. Since Norton threw such a fit about wanting Kernel access within Vista when UAC was first announced and it was granted things just went downhill from there. This is not the first time i have heard of a system using Norton to just lose everything.

 

[Jayce]

I find it very poor that any piece of "legit" software would apt to doing such devastation to a computer. This is exactly why I consider Norton itself to be a virus, and not an anti-virus.

My buddy has been in Helix LiveCD as well as other pieces of forensic software for a long time now trying to do a recovery on the drive. Via data carving he can pick up some data, but he can't open or view it because it's corrupt.

 

[Jayce]

Well, with the use of some forensic software we were able to dig up a small amount of usable data. We found some documents, pictures, mp3s, but that was it. Of those files, only about 1/15 files were usable, while the rest were corrupt.

I hope some users out there can take this situation and learn from it. If you are going to work on somebody's personal computer, it is EXTREMELY smart (though can be time consuming) to make an image of the computer before even touching it. On average for me it takes only about 2 minutes to start a backup image, but about an hour for it to finish the process. Well worth it in my opinion. This all started as "my printer isn't working" and rapidly turned into "oh wow. all of the data is gone." For my side projects with clients, I use Clonezilla LiveCD and a large external USB hard drive to handle the imaging.

This situation also completely solidifies why I avoid anything made by Norton. What ****ty software...

 

[KSoD]

I have to agree. As stated Norton and McAfee both threw a massive fit when Microsoft tried to lock down Kernel access from programs. They threatened to sue them for trying to hurt their business. When AVG, Avast, Eset and many others didnt need it to protect the system these 2 programs wanted it.

So Microsoft let them have it and this is what you get. A sub-par piece of software that doesnt even fully protect your system but causes massive corruption within the system even after trying to remove it. People wonder why i have had a distaste for them since i found an alternative so many years ago. I have never looked back. The program is that bad.

It also shows that a backup can go a very long way.

 

[Jayce]

Those are pretty poor attitudes from large companies such as Norton and McAfee. Windows trying to do something proactive as far as security goes and two head honcho companies stomp their feet and pout because that doesn't work out conveniently for them? Technology changes daily. Adapting to it is a requirement if you're going to survive as a software company.

Mak - as far as you know, are those the only two that require kernel access for AV usage?

 

[KSoD]

Yes those are the only 2 that gripped about Kernel access.

Symantec: MS Making Vista Insecure | Betanews

According to this Sunbelt also said something. but that is the first i heard of them commenting on something like this.

DailyTech - Sophos Supports Microsoft on PatchGuard and Scolds Symantec, McAfee

These were 2 of the first 3 search results when i searched Bing for Norton and McAfee complain about Kernel access in Vista. So it was a popular subject back when Vista was being created.

McAfee alleges Microsoft is compromising Vista security | Security | News | PC Pro
Technology News: Security: Microsoft's Refusal to Share Vista Kernel Still Drawing Fire

I could continue but i think that what i have posted shows enough evidence to what i have been saying. Microsoft has tried to help security by implementing such things as UAC to help lock down user accounts and make them operate more like Linux does with their user accounts and root accounts. But it drew heavy fire only to have Microsoft go back and finally give these 2 companies what they wanted.

Microsoft to give Vista kernel access to security firms

 

[Jayce]

I see. Good info here, Mak. Does the same that's posted above in regard to Vista still stand true to Win 7 today?

I also see that Microsoft granted kernel access to "security" companies. I wonder if companies like AVG/Avast/Avira/Kaspersky/Whoever utilizes it or if they still avoid it, with the exception of the Norton/McAfee crybabies.

 

[KSoD]

AFAIK it is the same for Win7. I didnt hear any news other wise. But only McAfee and Norton are the ones that utilize it. Avast, AVG, Eset and the rest never used it to create their software.

 

[Jayce]

AFAIK it is the same for Win7. I didnt hear any news other wise. But only McAfee and Norton are the ones that utilize it. Avast, AVG, Eset and the rest never used it to create their software.

Ahh yes. All the more reinforcement on my opinion over why I prefer Avast/Avira/AVG/Etc over Norton and McAfee.

Good info Mak. Thanks for the heads up.

I also relayed this information to my tech buddy (who all of this happened to) who then notified his friend (the victim of the lost data) and he seemed more understanding of the situation when the pieces explaining the story fell into place.

Tisk tisk, Norton. You are a true disappointment.