[Windows] Easily remove malware, viruses, and unwanted changes by rebooting with Reboot Restore Rx

When it comes to protecting your computer, there is traditional protection in the form of anti-virus, firewall, etc. Then there is unorthodox protection by way of wiping all changes made to the computer upon reboot; you know, similar to the functionality provided by programs like Windows SteadyState, Returnil System Safe, DeepFreeze, Drive Vaccine, etc. Reboot Restore Rx is a freeware program that provides this same functionality.

What is it and what does it do

Main Functionality

Reboot Restore Rx is a program that removes all changes made to your computer when you restart or shut down. This includes all changes: files/folders downloaded or modified or deleted, Windows settings customized, registry changed, programs installed or uninstalled, malware infections, etc.

Take note Reboot Restore Rx is true freeware — it can be used for home and commercial use, including education and not-for-profit. In fact, Reboot Restore Rx was originally created for use by schools but of course can be used for other purposes, too.

Also take note Reboot Restore Rx is not a replacement for anti-virus/anti-malware; it is a supplement.

Pros

  • Removes any and all changes made to computer by restoring computer back to the ‘baseline’ state after you restart or shut down
    • Note: Baseline state is the state of your computer (files, folders, settings, etc.) when you install Reboot Restore Rx. This baseline can be updated periodically at your own leisure if you have changes you want to keep.
  • Allows users to easily modify the baseline state by disabling protection, making changes to computer that you want to keep, then re-enabling protection. Upon re-enabling protection, baseline is updated to include all the changes you made to your computer while protection was disabled. This allows you to easily update your computer (e.g. Windows update, update programs, etc.) and ensure Reboot Restore Rx does not undo those desired changes.
  • Has a ‘Mini OS’ feature which works outside of Windows. Mini OS runs prior to Windows booting (i.e. runs “under” Windows) and is what restores your computer back to baseline state. Mini OS ensures literally everything is protected and restored, including Master Boot Record, and ensures corrupted Windows can also be restored back to baseline.
  • Allows users to select which partitions on their hard drive they want to protect — doesn’t just protect C:/ (you make the selection during installation of Reboot Restore Rx and cannot change after installation)
  • Extremely easy-to-use; install the program, select which partitions you want to protect, and go — Reboot Restore Rx automatically creates the baseline and restores to baseline every time you reboot
  • Is relatively lightweight and should not bog down your computer — roughly 20MB of RAM usage while idle (although this may vary from computer to computer)

Cons

  • There is no ability to password protect the program to prevent unauthorized changes to baseline or to prevent users from disabling/uninstalling Reboot Restore Rx. Indeed, anyone that is using the computer can easily update the baseline and/or disable and/or uninstall Reboot Restore Rx.
  • Does not have self-protection capabilities to prevent malware/viruses from force closing the program
    • Note: As per my tests, even when Reboot Restore Rx is force closed, if it was enabled prior to force closing then it still restores back to baseline state upon restart/shut down. So the only thing lack of self-protection does is annoy the heck out of users who want to update the baseline from within Windows, by closing Reboot Restore Rx’s system tray client.
  • Is hidden from Add/Remove Programs — you need to manually run uninstall.exe from C:\RebootRestoreRx\program files\Shield if you want to uninstall Reboot Restore Rx
  • Can protect multiple partitions on the same hard drive but is unable to protect multiple hard drives — will only protect your primary drive
  • Has no ability to provide users with a “safe” location in which users can save files/folders they want to keep after reboot. So the only way to keep changes made to files/folders is by updating the baseline, which incorporates all changes made to computer and people may not necessarily want to do that
    • Note: You can, technically speaking, create your own “safe” location to use with Reboot Restore Rx. This can be done by partitioning your hard drive to include a new partition and not protecting that partition with Reboot Restore Rx. Then whenever you want to ensure files are saved even after reboot, place the files in that unprotected partition.
  • No message is displayed prior to restart/shut down that all changes made to computer will be undone; there should be a warning message displayed to remind users to save files/folders/changes they desire to keep by either updating the baseline or saving data elsewhere (e.g. on the cloud or external hard drive), else users may forget and unintentionally lose their work/data

Discussion

Reboot Restore Rx is a relatively new program developed by a company — Horizon Data Sys — that has been in the “system rollback” business (as this is called) for over a decade. The idea behind Reboot Restore Rx, as explained by the CEO of Horizon Data Sys, was to provide a freeware solution to schools who were screwed when Microsoft ended support for SteadyState. Hence Reboot Restore Rx was born, a stripped-down version of Horizon Data Sys’ shareware product Drive Vaccine. (Note: While the intention for Reboot Restore Rx was for use by schools, it is completely freeware and can be used by anyone.)

In that regard, Reboot Restore Rx does exactly what it claims: every time you shut down or restart your computer, your computer is rolled back to the baseline state. This means all changes made to your computer (files modified, new files, new programs, programs uninstalled, malware infections, etc.) are undone; your computer is reverted to the state it was when the baseline was created.

The first baseline of your computer is created after you install Reboot Restore Rx. During installation, you are asked which partitions you want to protect and after installation you must restart your computer. After that initial after-install-restart, your first baseline is created. Every time you restart or shut down your computer after that moment will result in your computer being restored to that baseline.

If you ever want to update the baseline to keep recent changes you make to your computer or files/data, e.g. you want to apply Windows Updates, you can. All you have to do to update the baseline is temporarily disable Reboot Restore Rx protection by right-clicking the system tray icon and unchecking ‘Restore on Reboot’. Then when you recheck ‘Restore on Reboot’ a new baseline is created based on the state of your computer and files/data at that moment. The whole process takes less than a minute, typically.

My biggest issue with Reboot Restore Rx is that it is a bit too simple. Most notably, it has no way to prevent unauthorized changes to the baseline or to prevent users from simply disabling or uninstalling Reboot Restore Rx. There is no password protection of the program. Lacking this type of protection is irrelevant if you are using Reboot Restore Rx on your personal computer. However, not having password protection makes Reboot Restore Rx semi-useless on shared computers (such as at school) because users can easily circumvent its protection. Hopefully the developer will add this feature in future updates.

That said, let me provide some commentary on Reboot Restore Rx’s ability to remove malware infections upon reboot.

As per my tests, Reboot Restore Rx does indeed remove all changes made to computer — including removing malware. So, in theory, Reboot Restore Rx will provide you with, as the developer says, “bullet-proof protection” against all malware, because it reverts your computer back to a prior state which makes it as if you were never infected in the first place. However, all programs have security holes that can be exploited (e.g. the developer of beloved Sandboxie openly admits: “…from time to time, people are able to find some vulnerability in Sandboxie, an open hole through which malicious software can still infiltrate the system. This happens once every few months, on average, and is quickly resolved by closing the hole that is the attack vector.”); it isn’t a matter of if a program has a vulnerability but rather a matter of when it is found and who it is found by. So, while in theory Reboot Restore Rx will protect you against all malware, in practice there may be some malware that sneaks by Reboot Restore Rx if it exploits an unknown vulnerability in Reboot Restore Rx.

This issue is not unique to Reboot Restore Rx; it affects all programs. The only way to combat this threat is by the developer of Reboot Restore Rx regularly issuing updates that plug security vulnerabilities as they are found. So I took a look to see how quickly the developer pushes out updates for Reboot Restore Rx. Unfortunately, Reboot Restore Rx is a new program currently at v1.0 released in March 2013, so there is no update history to follow. However, I looked at the update history for Drive Vaccine and R0llback Rx (two similar but shareware programs by the same developer) and it appears that the developer issues updates roughly every 6-12 months. Is that a good update timeline? Typically I’d say “no, that is too slow” but it all depends on how many vulnerabilities in Reboot Restore Rx are discovered. If it is a relatively well programmed program with few vulnerabilities, updates every 6-12 months are no big deal. However, if Reboot Restore Rx turns out to be a program with massive amounts of security holes, then 6-12 months is way too slow and you should not use this program as a form of protection against malware. Since Reboot Restore Rx is a new program, it is hard to make this judgement right now — only time will tell.

My point in discussing Reboot Restore Rx’s ability to remove malware isn’t necessarily to scare you away from Reboot Restore Rx. Rather, my point is to ensure you don’t remove your anti-virus/anti-malware thinking you are protected by Reboot Restore Rx. Reboot Restore Rx should be used in conjunction with your anti-virus/anti-malware, not as a replacement. The two won’t conflict (but you will need to manually update the baseline at least once a day to ensure you are getting anti-virus/anti-malware database updates) and will work well together, especially seeing as Reboot Restore Rx is not a resource hog (little to no CPU consumption and roughly 20MB RAM usage while idle).

Conclusion and download link

Reboot Restore Rx does exactly what it claims to do: remove all changes (including malware infections) made to your computer upon reboot. I don’t recommend using Reboot Restore Rx in a public setting due to its lack of password protection but it is a nice tool for use at home or on a private computer, either as a secondary layer to protect yourself from malware or as a tool to use when you want to test new programs without risking damage to your system. Overall, Reboot Restore Rx is a decent program; it is worth at least checking out if you are in the market for a program like this.

Price: Free

Version reviewed: 1.0

Supported OS: Windows 2000/XP/Vista/Win7/Win8 (32-bit and 64-bit)

Download size: 4.5MB

VirusTotal malware scan results: 1/45

Is it portable? No

Reboot Restore Rx homepage


15 comments

  1. RaymondC

    [@Rubert Cornell] If you do have a chance of changing it now, look at the new version of Reboot Restore Rx.

    The developers also have a similar product to Deep Freeze. It is called Drive Vaccine. Although, Drive Vaccine is much cheaper and has a lot more features and functions.

  2. RaymondC

    Spot on review here Ashraf. I was looking for a review on Reboot Restore Rx and here I am. However, just to point out that there is a new version of Reboot Restore Rx v2.0 released.

    I believe they have taken your suggestion and others seriously and have implemented an additional security feature allowing only Administrators to be able to click on the Reboot Restore sys-tray icon. It even supports Windows8.1.

    I have done some minimal tests and it works well. There seem to be no security loopholes that I could find. This definitely improves things for Reboot Restore Rx.

    Hopefully you can get to try it out. Cheers.

  3. Rubert Cornell

    It’s a freeware, say they don’t provide the features like password protection. So anyone can easily disable it. We told our students that we “protected” their machines and they can do anything with it. But under an hour, one of my students noticed the systray icon, it was over. We really get pissed off. So rather than going for it, we are using a paid version of system restore software by Faronics. http://www.faronics.com/products/deep-freeze/enterprise/

  4. Mr.Dave

    This one seems kind of backward for my preferences: I would rather enable something when it’s needed instead of disable something when it’s not. I’m trying Toolwiz Timefreeze these days, so far it seems to work.

    Reboot Restore Rx looks very useful and free (I like free!) so I may give it a whirl and see if it’s been my thinking that’s backward. My main concern is that things seem to update all the time on my computer, not just at bootup or when I wish they would. Not sure how I would know when to disable RRRx so things CAN get updated.

    It’s a serious problem with Windows that there’s no way for programs to add their updates to a central list that users can run or postpone, like Windows update, whenever they want. How nice it would be to work without the interruptions and loss of resources as some program thinks a critical moment for me is the perfect time for an update!

  5. MikeR

    Interesting report. I wonder how this compares with the commercialware Rollback RX, which on a BDJ offer last year was being discounted out at 70% off under the name MagiCure. I gave it a shot because Rollback RX has an excellent reputation, but never had cause to try it until this morning (wow, talk about coincidence.)

    I installed and ran Piriform’s ‘Defraggler’ yesterday for the first time seeing as how I have a great deal of faith in the company that produces CCleaner. A tech review on another site rated ‘Defraggler’ very highly and especially for several unique features such as its ability to (quote) move large files and folders that aren’t used much to the end of the drive so as to help speed up a PC’s boot time (unquote).

    I tried it on the biggest folders I have (My Pictures, My Music, My Videos) and everything went well. But then I noticed, those folders now appeared with shortcut arrows. And clicking on any of them resulted in “Access Denied” screens. I was too tired, after a busy day, to bother any further so shut down the PC and went to bed.

    This morning, the computer wouldn’t boot up at all. Windows reported a string of error codes. Quite clearly, Piriform’s “Defraggler” had played havoc in its much-vaunted shift-large-folders-around and, had System Restore still been enabled, that would likely have been caught up in the mess, too — System Restore is anything but a dependable fail-safe but is in any event disabled by MagiCure / Rollback RX.

    I sighed. Re-booted and, because MagiCure loads before Windows, pressed the ‘Home’ key on the keyboard then selected the most recent ‘snapshot’ date of two days ago. Approximately three minutes later — i.e., in infinitely less time than Windows System Restore functions, when it’s, er, actually functioning — this PC was up and running fine again.

    Rollback RX / MagiCure snapshot all Windows systems, settings, programs and user data at the time of the snapshot (an action which takes no more than 10 seconds.) Having never experienced this kind of snapshot rollback before, I have to say, I’m hugely impressed. All I lost were a few files from yesterday and 24 hours’ worth of definitions that took just a few minutes today to download for Avast AV and Malwarebytes PRO.

    If this free Reboot Restore RX software is able to offer that kind of ease of use, comprehensive fuss-free 10-second snapshotting and the 3-minute return of an unbootable computer to 100% working, then it seems likely to garner the support of many, many ordinary home users everywhere.

  6. Tony77

    Excellent review Ashraf, thank you. Totally agree with you about the warning for changes.
    Is there a way to recover the changes if I find out later that I need that?
    Also, should I worry about the Trojan warned by VirusTotal scan?
    Thanks

  7. Louis

    @ V :

    Good point re AV updates & browser tabs, esp for me.

    That would technically make it possible, but not all that viable to replace my current system, which I use as a backup to my AV, anti-malware etc : Which is occasionally to go through a sequence of purging my restore points, running full scans with every security program on OS drive (all data goes to another partition, except of course My Documents and Downloads folder still on OS partition, which would need to be manually copied over to the Data partition, along with making a backup of Chrome using BrowserBackup, and remembering to copy over the data associated with Skype which also resides deep in the system drive etc), defrag if necessary, etc, then make a system image of the ‘clean’ system every once in a while, to restore to in case something does get through and screw with my system, as it does occasionally happen.

    I would see another potential technical issue : Before downloading, then installing Windows Updates, you had better remember to uncheck the software for the necessary reboot to activate the Win Updates, otherwise it will disappear like thin air !

    But for short term use, like getting rid of a new piece of software which doesn’t meet expectations, it would be a better method to use this and just reboot and eliminate all traces, rather than rely on Revo deep scan, good as it is, which probably does leave behind some traces.

    I’m going to add it to my little arsenal, thanks Ashraf !

    But it’s still a useful option for use over the very short term I can imagine, like installing a new piece of software, which doesn’t meet expectations — you could deep clean it with Revo, but there’s still the risk of some stuff remaining somewhere, which it won’t with this software, so that’s a plus

    In addition to

  8. Bob

    This seems to be a bit overly complicated. I use a rather odd protection scheme. I have a hot-swappable hard drive unit in all my computers. I put in a drive, clone my boot system drive (a moderate sized SSD). I update it about once a week. If there’s a problem, I just swap out the boot drives from the BIOS and keep going.

  9. AFPhy6

    Very interesting option. I will consider using this program. Thanks for reviewing it and bringing it to our attention.

    I agree completely with your “it ought to have a warning all changes will go away” by somehow intercepting all normal shutdown modes. I would be surprised if all MS windows operating systems don’t have a hook for doing such intercept. It seems that Returnil does that, but it has been so long since I used that I don’t recall for sure. The programmer of the product ought to be able to locate such a hook and implement such a feature very easily.

  10. Darcy

    Might be interesting to see your review/opinion on various software that performs this function. Not just freeware either. Functionality, security, features, price, etc could all go into your rating a Best Choice status. Just a suggestion to think about.

  11. V

    Seems to me that this is just asking for trouble if you use another program which claims the MBR, like Paragon Backup.

    The other issue is that you cannot evidently exclude a program from its clutches, like your antivirus. So your av will continually have to download all of its updates since the baseline, every time the system boots. That’s a problem.

    Update your browser with new bookmarks, add-ons, etc? Fuhgetahbowtit if you forget to disable this first.

    I’ll stick with other methods, thanks.