Defending the C disk with SteadyState from Microsoft
The free program can prevent permanent changes to the C disk. Think <i>Ground Hog Day</i>, says CNET Blog Network contributor Michael Horowitz.
There is huge amount of software designed to defend the Windows C disk from the bad guys--antivirus, antispyware, firewalls, yada yada yada. Huge amounts of time, effort, and money is spent defending the C disk. But, there are other approaches.
On his Security Now podcast (Episode 129, January 31, 2008), Steve Gibson discussed a free program from Microsoft called SteadyState that defends the C disk in a different way.
The problem that Gibson was looking to solve was that of a small-business owner, someone who needed to provide computers to employees, but didn't want them installing applications for their personal use. We all know where that trail leads, computers that get fouled up in one way or another and become a sinkhole of time, effort, and money.
Rather than protect the C disk from being changed at all, SteadyState allows changes and logs them while Windows is running. When the computer is turned off, or Windows is restarted, the C disk is returned to the initial state. Think Ground Hog Day, the movie with Bill Murray.
SteadyState runs on Windows XP, the Professional, Home, and Tablet PC editions. It only supports the NTFS file system and Microsoft claims it needs at least 4GB of free hard disk space, mostly for the log of changes made to the C disk.
The first obvious hassle is that the My Documents folder should be moved from the C disk. In fact, any folder where you want to store files permanently can't be on the C disk. To techies like Gibson and his Security Now companion, Leo Laporte, this is no big deal. The obvious solution involves making a new hard disk partition dedicated to storing data files. For non-techie computer users however, making a new partition is dangerous and difficult. Another option is to save files to a computer or storage device elsewhere on the network.
If either of these is too much for you, consider a USB flash drive. Laptop users in particular are well-served by storing their data files on a USB flash drive, one that can stay on their person at all times.
The second obvious hassle is software updates. Software installed on the C disk constantly needs to be upgraded both to new versions and releases as well as applying bug fixes. Anti-malware software is likely to have daily updates. Microsoft has a partial solution for this, but my initial impression is that it's all but useless. Every now and then SteadyState will need to be disabled so that necessary changes can be made to the installed software.
SteadyState is really two products. Besides rolling back changes to the C disk, it can also restrict access to dozens of Windows features. At first glance this seems to be nothing more than a new interface to some Group Policy features that have existed in Windows XP Professional from the get-go. What's new, is bringing this functionality to XP Home and making the interface friendlier to non-techies.
The concept of undoing file system changes is not new by any means. Certainly it will sound very familiar to users of Deep Freeze from Faronics and GoBack from Symantec. SteadyState doesn't offer nearly the number of features those products do, but it's free, and a huge step up from the Restore Points feature of Windows XP.
Both Gibson and Laporte think SteadyState is a great thing. Gibson has published screenshots of SteadyState and a transcript of the podcast.
Vista users will have their own version of SteadyState in the future, it is currently in beta. Mac and Linux users can use Deep Freeze (single copies are $45) to accomplish the same thing.
I'll have more to say about SteadyState in the future.
See a summary of all my Defensive Computing postings.