Once malware gets a toehold on your innocent PC, rooting out all the malware-spawned files, folders, and Registry changes can be a tough job for a typical antivirus utility. Valt.X ‘Absolute Security for Windows’ Special Edition ($89.99, direct) completely sidesteps that problem. Once you’ve installed Valt.X, every reboot rolls the system back to a safe, malware-free baseline. It’s a very simple plan, but not without a few quirks.
In addition to protecting your boot drive against all changes, Valt.X can also create what it calls a “Security Disk.” This is a password-protected virtual drive whose contents don’t get wiped out when you reboot. There are exactly four actions you can take with Valt.X: enable or disable the Security Disk, and enable or disable protection of the boot drive.
Since the boot drive gets wiped at every reboot, any files you create on that drive will vanish, as will any edits or other changes. Valt.X advises that you create a separate data partition and move your Documents, Pictures, and other such folders to that partition. You’ll also need this separate partition to store the Security Disk. Note that Valt.X’s Standard Edition, which omits the Security Disk feature, costs $40 less.
Despite the simplicity of the Valt.X concept, getting started was hardly a walk in the park. The initial download contained three files: an installer for the program, another installer for its user interface, and a user’s manual. I launched the installer, which requested a reboot. After it rebooted… nothing!
I tried launching the other installer, but it only displayed the ungrammatical warning “Error!please active first!” Digging into the manual, I found that my next step should be to right-click the C: drive and choose Activate.
Upon doing so I was confronted with a screen requesting a serial number. I entered the supplied registration code, but it wasn’t accepted. Poring over the manual, I learned that I must visit a certain website and enter both the registration code and the displayed Product ID, after which I would receive a serial number. Naturally the website was down when I first tried to follow these instructions. I can’t think of any sensible reason for this level of complexity.
The activation screen contained its own ungrammatical advice: “Please keep the Serial number in secret and don’t loose it.” I entered the serial number, chose a password, and continued with the installation.
The next step involved selecting a volume to store the Security Disk. Of course, at this point I did not even know what that meant, but fortunately there was just one choice. Following the manual’s advice I had already created a data partition, separate from the boot partition. I chose that for the Security Disk.
I launched a number of malware samples on the test system. All of them installed without a hitch; Valt.X doesn’t attempt to prevent malware attacks. I also created a couple of text files on the desktop. After a final check to make sure the malware samples were active, I rebooted the system.
Once the system finished rebooting, I checked again for the malware samples. All were gone without a trace, exactly as if they had never been installed. My text files were gone, too, since the Desktop folder was on the boot drive. Registry changes were also reversed, as the files that hold the Registry’s data reside on the boot drive.
On reboot, Valt.X wipes out all changes, including some that are important. If Windows automatically installs updates, for example, you’ll lose them at the next reboot. What you need to do is turn Automatic Updates off and then keep track of when Patch Tuesday occurs. If you’re a regular reader of our SecurityWatch Blog, you can just watch for our Patch Tuesday coverage.
To install updates that will survive reboot, you must first disable Valt.X’s protection. Right-click the boot drive in Windows Explorer, choose the ValtxVault submenu, and choose Disable Protect. You can also use the Valt.X GUI to unprotect the drive.
Your computer is now vulnerable to malware attack, and any malware that does get installed will become part of the baseline, restored automatically on every reboot. Scary! Don’t do anything except manually check for updates. Once the updates have completed, turn protection back on.
Of course, Microsoft products aren’t the only things that need updating. To make sure all of your applications and add-ins stay up to date, consider using a patch management tool like Secunia Personal Software Inspector 3.0. Here again you’ll have to turn off protection, install all updates, and then turn protection back on.
Limitations and Dangers
There’s one glaring omission in Valt.X’s security: it doesn’t force a reboot before turning off protection. Malware that’s already present on your system when you turn off protection will not only remain, it will be restored on every reboot. The company has committed to fixing this problem “in short order.” Even so, other limitations remain.
If a banking Trojan infests your computer and cleans out your bank account, rebooting isn’t going to bring back your lost cash. Rebooting will wipe out spyware, but won’t retract any personal information the spyware may have stolen. Between the time malware sleazes onto your system and the next time you reboot, it has free rein.
The need to maintain a separate data partition opens another potential security hole. Some types of malware copy themselves into every folder, or into the root directory of every drive. Those won’t be cleaned out by rolling back the boot drive. If CryptoLocker encrypts your drives and holds them for ransom, you can reboot to recover the boot drive, but your data will remain inaccessible.
Macro viruses and other document-infecting malware types aren’t as common as they once were, but it would certainly be possible for a malware attack to infect documents on your data drive.
Recovery, Not Prevention
A public computer, perhaps in a library, could make great use of Valt.X’s protection. Casual users don’t need the Security Disk, so the cheaper Standard Edition would be fine. Such a computer could do without a separate data drive, since users will typically store any documents on a thumb drive. Leaving out the data drive removes several security holes. Yes, this computer might get infected, but every reboot will not only wipe out any malware, it will also undo any changes made by the users.
For a business or personal computer, Valt.X offers recovery from malware attacks, but does nothing to prevent the attack in the first place. Anything external, like theft of data or false bank transactions, won’t be reversed by a reboot.
To get full protection, you’d need to run Valt.X along with a standard real-time antivirus like Bitdefender Antivirus Plus (2014), Norton AntiVirus (2014), or Webroot SecureAnywhere Antivirus (2014). All are Editors’ Choice products, and all cost quite a bit less than Valt.X. Webroot might be the most appropriate because it doesn’t require constant signature updates.
Copyright © 2012 Ziff Davis, Inc