Many of the new computers make a “D” partition that holds the equivalent of
a Restore Disk, that used to be common practice to come with a new machine. My
question is: if a machine is contaminated with viruses and/or malware, is the
“Rebuild Partition” also infected?
Is it affected? Maybe, maybe not. It varies.
Can a recovery partition be infected? Absolutely.
Add that to my long list of why I dislike recovery partitions, and typically
get rid of them – after doing a couple of things first.
One of the ways that computer manufacturers save money when building computers is to include less with them. Fewer disks to be shipped means lower cost for the manufacturer, and in turn lower costs to you. While the disks might seem inexpensive, when you ship thousands or millions of computers, even those small costs add up.
The problem is that saving you some money this way often creates a different cost – in risk.
I’ve talked a lot about how manufacturers often don’t include a Windows installation disc any more. All they give you is the pre-installed version of Windows on the machine, and a “recovery” disk. The recovery disk can’t be used to install Windows, but it can be used to boot and recover or repair Windows in many circumstances.
Note that I said “many”, not all. More on that in a moment.
For some time, the manufacturers have been placing the recovery disc contents on your hard disk – sometimes in addition to the actual disc, and apparently more frequently instead of the disc. It’s often an additional partition; frequently drive D: if it’s visible at all. The recovery CD, if provided, uses the information in the recovery partition, and if there’s no CD, there’s typically a way to boot from that recovery partition.
The result is the same: you can “recover” (but not reinstall) Windows to some initial, presumably repaired, state. (There’s actually no standard as to what a recovery should include.)
Here are the two biggest issues:
If your hard drive fails, you lose both your primary partition – where Windows, your programs and all your data typically live – and the recovery partition. Being a separate partition doesn’t make it immune to catastrophe. If the drive fails, that failure can take with it all partitions on the drive. You’re left with either no means of recovery at all, or a recovery CD that requires information on the drive that it can no longer access.
Your very point: files on the recovery partition can be infected, corrupted, accidentally deleted or who knows what else. You may think you have a recovery partition, but when the time comes to use it you may find out that it simply doesn’t work or results in a machine that’s just as badly infected as before the “recovery”.
That’s just all way too risky for me.
Instead, I do three things:
Insist on a Windows Installation CD. This contains all of Windows and can be used by itself to reinstall the operating system from scratch to an empty hard drive if need be. This differs from a “recovery” CD or partition, which requires that the guts of the operating system somehow, somewhere already be on the hard drive.
I back up regularly and completely.
I remove the recovery partition to free up the space, and never use the recovery CDs.
It’s that first bullet that gives me all the flexibility I need/want.
Naturally, as I have before, I strongly recommend that you always insist on getting a Windows installation disc with your new PC. Accept no substitutes.
If it’s too late, or if for some reason you must purchase from a manufacturer that doesn’t make the disc available to you, then I recommend the following:
Make an image backup of your primary partition immediately after the machine’s been set up. Make a copy or two of that backup and keep it in a safe place. That’s what you’d restore to should your machine ever need to be completely reformatted and reinstalled. It’s as close to setting up from scratch as you can get without the installation media (and some would even say slightly more convenient).
Make an image backup of the recovery partition as well, just to be safe. I can’t really see a scenario where, with the primary partition imaged, you would ever need this, but there’s simply no reason not to take an image while you have the chance.
Ignore the recovery partition. Remove it if you like. Or don’t.
If you ever find yourself in a position where you need to recover or reinstall, you would instead make sure you have current backups of your data and applications, and restore to the image backup you took when the machine was new.
It’s not perfect, but it protects you from exactly the very legitimate scenario you’re concerned about: the loss or compromise of your recovery partition.
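One way to check, before restoring, that a copy of the image backup is still bit-for-bit what was taken when the machine was new. This is an added example, not part of the original article; the file names, the `.img` extension and the manifest layout are assumptions, and the images here are small constructed stand-ins.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256_file(path, chunk=1024 * 1024):
    """Hash in 1 MiB chunks; disk images are too large to read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def write_manifest(image_dir, manifest_path):
    """Run once, right after the images are taken on the new machine."""
    entries = {p.name: {"size": p.stat().st_size, "sha256": sha256_file(p)}
               for p in sorted(Path(image_dir).glob("*.img"))}
    Path(manifest_path).write_text(json.dumps(entries, indent=2))
    return entries

def verify_copy(copy_dir, manifest_path):
    """Run before restoring: status per image in one backup copy."""
    status = {}
    for name, want in json.loads(Path(manifest_path).read_text()).items():
        p = Path(copy_dir) / name
        if not p.is_file():
            status[name] = "missing"
        elif p.stat().st_size != want["size"]:
            status[name] = "size-mismatch"
        elif sha256_file(p) != want["sha256"]:
            status[name] = "hash-mismatch"
        else:
            status[name] = "ok"
    return status

def demo():
    """Constructed stand-ins for the two images; file names are hypothetical."""
    root = Path(tempfile.mkdtemp())
    original, copy1, copy2 = root / "original", root / "copy1", root / "copy2"
    original.mkdir()
    (original / "primary.img").write_bytes(b"constructed primary image " * 4096)
    (original / "recovery.img").write_bytes(b"constructed recovery image " * 4096)
    write_manifest(original, root / "manifest.json")
    shutil.copytree(original, copy1)
    shutil.copytree(original, copy2)
    damaged = bytearray((copy2 / "primary.img").read_bytes())
    damaged[1000] ^= 0x01                      # one flipped bit, same size
    (copy2 / "primary.img").write_bytes(damaged)
    (copy2 / "recovery.img").unlink()          # accidental deletion
    return verify_copy(copy1, root / "manifest.json"), verify_copy(copy2, root / "manifest.json")

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Keep the manifest with the off-machine copies rather than on the drive it describes. A match shows the copy is unchanged since the image was taken, not that the image was clean to begin with.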