Block Level Protection

We have looked at buffer files, virtual machines, and file sync in the past as ways to bring your computers back to life. Today’s topic is block level protection.

Unlike buffer files or file sync, this approach does not work with files, but rather with specific sectors on a drive. Entire sectors are protected, so no changes stick to those physical areas of the drive, bringing a brand new computer experience with each restart.

What’s the difference between a block and a sector? A sector is a physical area on a disk. Think of it as a slice of a track on a formatted disk that can hold a fixed amount of data. The first ones used to hold 512 bytes, then 2048; newer drives now use a 4K sector (4096 bytes). A block is a group of sectors that an OS can address. A block can consist of one or many sectors.

This ability to shuffle data at the block level has a lot of benefits.

– No performance hit

Compared to file-level methods, there is no performance hit. Very little processor power is spent on providing this kind of protection.

– No application compatibility issues

Working well below file level takes away any issues with how, where and when any files get moved. Block level solutions don’t care about single files. As a matter of fact, they have no idea what kind of payload is being moved or protected at any given time.

– Set it and forget it

Once block level protection is activated, no further tweaks are necessary to improve its performance. Whatever configuration was frozen at that moment will prevail with every reboot. Machines can run for years without any updates. If a computer doesn’t boot up, it’s due to hardware failure. Simple is good.

– Instant imaging is possible!

The block level protection is often compared to instant imaging (too bad such technology doesn’t exist yet – we look forward to quantum computing though). A session can accumulate a lot of changes, and all of those changes can be reset with a simple press of a “restart” button or with a remote command. A fresh system boots up each and every time.

– CSIs will be happy

Think any changes on a computer are gone once it reboots? Not quite. The data is still there, just not where the OS thinks it is. Professional forensics tools that access the drive directly will be able to recover the data needed.

– You can patch and pull updates

Nothing sticks to a system protected at the block level, even updates and patches. After a reboot it will be like they never happened. To update/patch your systems just turn the protection off, patch your system, then freeze it again.

– Better performance later

Optimize your system, then apply protection. With no system lint your computers will operate at their peak since junk files and system settings will not survive a reboot. Even your 100% defragmentation settings will stay the same, further improving your performance.

– You can choose what to freeze

Block level solutions typically apply to a partition, so if you want to have some flexibility in what to freeze and what to leave alone, you can create multiple partitions. A good idea is to leave all your program and system files on one partition (C: on Windows) and have your user profiles set up on another, then freeze the C: partition and leave D: as is. This way you can completely lock your operating system, but leave user data intact. Emails and pictures will be saved, system files and installed apps will be reset.
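The reset-on-reboot behaviour, the thaw-patch-freeze cycle and the forensic residue described above can be modelled with a redirect-on-write layer. This is an added sketch, not code from the original post or from any product; the `ProtectedDisk` class, its spare area and the sample data are assumptions constructed for illustration.

```python
SECTOR = 512  # bytes per sector in this model (assumption)

class ProtectedDisk:
    """Hypothetical model: a protected area followed by a spare area on one medium."""
    def __init__(self, sectors, spare):
        self.protected = sectors
        self.media = bytearray((sectors + spare) * SECTOR)
        self.frozen = False
        self.remap = {}            # logical sector -> spare sector, this session only
        self.next_spare = sectors

    def _span(self, phys):
        return slice(phys * SECTOR, (phys + 1) * SECTOR)

    def write(self, lba, data):
        data = data.ljust(SECTOR, b"\0")[:SECTOR]
        phys = lba                 # thawed: write in place
        if self.frozen:            # frozen: never touch the protected sector
            if lba not in self.remap:
                if self.next_spare * SECTOR >= len(self.media):
                    raise OSError("spare area exhausted")
                self.remap[lba] = self.next_spare
                self.next_spare += 1
            phys = self.remap[lba]
        self.media[self._span(phys)] = data

    def read(self, lba):
        return bytes(self.media[self._span(self.remap.get(lba, lba))])

    def reboot(self, frozen):
        # Only the map is dropped; the spare sectors themselves are not wiped.
        self.remap.clear()
        self.next_spare = self.protected
        self.frozen = frozen

    def raw_scan(self, needle):
        # What a tool reading the medium directly would find, sector by sector.
        return [i for i in range(len(self.media) // SECTOR)
                if needle in self.media[self._span(i)]]

def demo():
    disk = ProtectedDisk(sectors=8, spare=4)
    disk.write(2, b"baseline config")    # constructed sample data, written thawed
    disk.reboot(frozen=True)             # freeze this state
    disk.write(2, b"session change")     # redirected into the spare area
    during = disk.read(2)
    disk.reboot(frozen=True)             # restart discards the session
    after = disk.read(2)
    return during, after, disk.raw_scan(b"session change")
```

In this model the session's bytes stay in the spare area after the restart until a later session overwrites them, which is why a direct read of the medium can still find them.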

There are a couple of downsides though:

– Be careful what you freeze

Block level protection freezes everything – even the bad stuff. If your computer is infected and antivirus cleans it, the infection will be brought back upon restart.

– Need to restart

You may not like it, but there’s no way to switch the protection status without rebooting a computer. If you need to change protection status on the fly, block level protection is not for you.

– What root?

Block level solutions don’t care about user privileges. Any changes, either by guest or full admin, won’t survive a reboot. Thaw systems before applying any patches or updates.

Dmitry Shesterin

Dmitry has done everything. From sales and marketing in mobile telecommunications and printing (in Russia and Germany) to sales engineer and marketing lead (at Faronics). Dmitry has an unrivaled love of Excel and his sense of humor resembles Ambrose Bierce, his favorite writer.