Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is keeping an image backup of my cleanly installed machine a good idea?

Question:

As you keep saying we should do backups of our system so I found an easy
Disk Imaging System which I use to make full backups of my system.

The idea I had was to do a reinstall of my system using the manufacturers
installation disk then download all my programs , clean off as much junk as
possible and then make a disk image of what should be as clean a system as
possible.

After say six months I was planning to reformat the disk and put the backup
on. I would then bring everything up to date and make another image for use in
six months time. A bit like spring cleaning.

My question is how will this work regarding my security programs which
update once or twice a day? When I put a six month old backup back on will my
anti virus and anti malware programs update correctly or will they be missing
updates from months previously?

First, I like your idea. The basic idea is an approach I endorse, though I
don’t know if I’d do it every six months.

In fact, it’s an idea I strongly recommend for people that have
purchased machines with Windows preinstalled, and did not receive original
installation media.

I’ll review the technique, and then also address your question: what to do
about updates that happen after the initial image is taken.

]]>

The technique boils down to this: once you get your new machine set up in some “pristine” state, you take a full image backup. If you ever have a situation where you would need to “reformat and reinstall”, you instead simply restore this image and have everything exactly as it was at the time the image was taken.

“… if you get a machine with Windows pre-installed I strongly recommend you do this as soon as you possibly can.”

As I mentioned above, if you get a machine with Windows pre-installed I strongly recommend you do this as soon as you possibly can. If you did not get installation media to be able to reinstall Windows from scratch, having that initial image to go back to may be your only salvation should something someday go wrong.

And even if you do have that installation media, restoring an already configured image is typically a lot less work than reinstalling Windows and every application from scratch.

I actually recommend two images initially:

  1. The pristine machine as you received it, or after the initial Windows install.

  2. The machine after you’ve installed all your applications, and taken all the updates for Windows and those applications that happen to be available.

The latter one is probably the one you’ll use, but the first is an additional safety net.

Note that in all cases I’ve not said anything about your data. Ideally, you’ll take these images before actually using your machine, and before any of your data is on it. Think of these as “new machine” images – before you’ve had a chance to do anything.

That implies two things: first, this approach is not a replacement for regular backups, you still need to backup frequently to backup the data on your machine. If anything it’s a replacement only for the process of “reformatting and reinstalling” after a disaster hits. And second, when the time comes to restore to one of these images, you’ll need to take additional steps to recover your data from those more frequent backups.

Now, you’ve taken this one step further by planning to restore to this image every six months or so, so as to eradicate any software rot and return your system to a clean state.

But that implies that once restored that machine will be six months behind in updates for the operating system, all applications, and anti-malware definitions.

First: I’d make sure to be behind a hardware firewall like an inexpensive NAT router for this. If you’re running a software firewall it, too, would be 6 months out of data after the restore, and thus potentially unprotected against more recent threats.

Then I’d run Windows Update immediately so as to get all the operating system updates that happened since the machine was imaged.

Next, while all your anti-malware software will typically update their databases automatically, that may take up to 24 hours or so. I’d actually fire up each tool and force an update right away.

I’d then visit all the applications I cared about to either force them to automatically check for updates, or instruct them to do to with whatever options are available.

Finally, once everything was updated, I’d take a new image before restoring my data or using the system further. This image would be the one I’d use the next time I did this six months from now so as to then start in a slightly more updated state.

I’d also not discard the prior images. In particular, the very first image of the pristine “as it arrived” system, as well as at least the first after having installed and updated all applications. If, somehow, something were wrong with one of the intermediate images – perhaps a piece of malware was inadvertently allowed to be installed – you’ve always got that initial known clean checkpoint to go back to.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

12 comments on “Is keeping an image backup of my cleanly installed machine a good idea?”

  1. Wow. A lot of works. Imagine that you have 3 different PCs at home.

    IMHO, usually what the end user need is just to get the job done.

    Reply
  2. I have two desktops and three laptops currently.
    I have been using Acronis for years now, essentially as you have described above, though not every six months.
    Great treatment of the topic.

    Reply
  3. You mentioned creating an image of the system but you didn’t suggest any program or how to do it… Have you ever tried with DriveImageXML? Which do you recommend?
    div class=”leocomment”>I personally use Acronis TrueImage, and have played a little with DriveImageXML, which also appears to be a reasonable tool for the job.

    Leo
    14-Oct-2009

    Reply
  4. I use an open source tool called “partimage” to create regular images of my OS partitions.

    Partimage creates images using only the used space of a partition.

    My routine is to create an image every couple of weeks assuming everything is running ok.
    I keep the previous image as well as the new one.

    I store them for safekeeping on an external HDD.

    I also have them on various USB flash drives since restoring from a flash is extremely fast (about 2.4 GB/min).

    Since I multiboot several linux distros this frequency of imaging makes sense to me because the linux distros get updated often.

    As a matter of fact I will often make an image before doing a large update or if the update includes changes to X or involve updates to my video drivers.
    Large updates can something break things.
    A good reason for doing frequent updates.

    Partimage handles NTFS quite well so I do backups of my Win 7 and XP installs at about the same time I routinely image my linux distros.

    Partimage is itself linux based and is included
    on the System rescue CD (SysrescCD) a bootable disk containing several valuable tools.
    Partimage, IMHO is the most valuable tool on the disk.

    It takes about 25 minutes to create an image of Win 7 or XP using the medium compression option.
    My Win 7 and XP partitions (the used portions)
    are fairly large, between 9.7 and 12 GB respectively.

    With compression the resulting image files are
    ~4.86 GB for Win 7 and 6.79 GB for XP.

    Because my linux partitions are much smaller
    the resulting images are between 1.4 GB and 3.8 GB in size, again using the same compression scheme.

    All told I can do all 6 OS’s in a little over an hour and a half.

    I have a spare HDD that is partitioned identically
    to my main HDD with the same OS’s installed.

    Before leaving partimage after imaging all my OS partitions I pop the spare drive into a USB HDD docking device I have and use the restore feature to restore all my OS partitions.

    I then pop my spare drive into my notebook and make sure everything works ok.

    I then save all my images to an external drive for safekeeping.

    This method has saved me a lot of grief.

    If i need to restore a partition restoring from the appropriate flash drive is a snap.

    My data is stored on separate partitions, a large Fat 32 partition shared between both my linux and Windows partitions and a large NTFS partition for my Windows installs only.

    I manually back these up regularly to my external drive.

    It does take some work but it’s worth it.

    The fact that partimage is absolutely free is icing on the cake.

    Reply
  5. Good coverage of an essential subject; there are free image and data backup programs readily available to accomplish all that is described. Doing an image restore vice a rebuild is a timesaver! One thing that was not mentioned that is important when doing an image restore (either periodically or as-needed) is to also look for and install driver updates after the restore. If the image was created from a new machine, updated drivers are very likely and updating them is essential; after the machine ages, driver updates from the manufacturer are not as likely…

    Reply
  6. Thanks to Frank Golden for explaining your process. Seems to work very well for you and gives me hope that I’ll be able to implement something far less frequent with only one or two OS’s. Furthermore, you’re clearly a Linux user/fan and you made all that mention of both Linux and Windows in the same comment but didn’t make one dig toward MS. I like that (since I’m an MS fan) so your opinion now means something to me. This entices me to investigate Partimage. I see that it can be run from the SystemRescueCD. So would the process look something like this:
    –I take the CD, insert it into my Windows box (while it’s in what Leo calls my “pristine” state),
    –boot the box to CD
    –use the Partimage program to create my Windows XP image.
    Does this sound like the right steps? If so, after the image is created, I assume that I can then save it to an external HD, even while operating in the SystemRescueCD environment?

    Reply
  7. I TOTALLY agree with the suggestion. I personally use DriveImage XML (free, and can also be used with BartPE), and I also DEFINITELY recommend moving the MyDocuments folder to a second hard drive (presuming that it might be the main hard drive which crashes, if any, and as such, if Windows crashes, so does the MyDocuments folder), and also, using Second Copy on a daily basis, backup the MyDocuments (data) folder back on to another partition of the main hard drive. You can always replace the operating system and programs, but you can NEVER replace the data.

    Reply
  8. I follow a similar plan, but add one more: I use a one-line DOS command to update a straight file for file backup on an external hard drive of everything! That way, when I mess up just a simple file or three, I can go get it directly from the similar file structure on the external drive without messing with a restore program.

    This command in a batch file will copy only those files that have changed since the last time the batch file ran. It takes a while the first time, of course, but after that, it takes just minutes. It’s all in one line, of course:

    xcopy C:\ “Q:\Backups\Laptop” /D/S/R/Y/H/I/C/EXCLUDE:C:\batch\NObackup.lst > “C:\Backup.lst”

    You can omit the EXCLUDE command, but I don’t bother backing up temp dirs, etc.

    And you can then look in C:\Backup.lst to see every file that got copied.

    If you wonder what all those parameters mean, open a DOS prompt and type xcopy /? and it will explain them and many more.

    I’ve been using this approach for 20 years. It’s simple, effective, and fast.

    This is similar to a technique I use to backup some of my machines. The limitation is that this will not backup your operating system. If you suffer a complete system meltdown your data will have been saved, but you’ll still be faced with a complete reinstall of the operating system and all applications. (A price I’m willing to pay, but only for, as I said, some of my machines.)

    Leo
    14-Oct-2009
    Reply
  9. ‘DO several HDD images for clean/fresh install:
    1. SETUP: inc drivers, Windows Updates.
    (Without pagefile this may fit on CD)
    2. SETUP plus APPS: #1 above plus utilities and applications no security(This will fit on a DVD.)

    Reply
  10. Good treatment of topic. I’ve been using your process for years. A couple of additional ideas.

    First, be paranoid and use more than 1 backup tool to make the full backups. I had a purchased copy of Acrontis. Everything seemed to be working (backups verified etc) until my PC crashed and all of a sudden acrontis wouldn’t restore. Now I have full image copies using 2 different tools. If you are more adventurous, or you consider your data critical you may want to consider using one of the online backup services. That way your data would also be backed up offsite in case your building is damaged or destroyed. Be sure to consider data security (ie encryption) before moving your data onto the internet.

    Second. Make sure you create (and test immediately) bootable recovery disks using the backup application so that if your HD crashes you can boot the backup app from CD/DVD.

    Third. One other reader already made this suggestion in part. Move all of your data files to a separate “Data” hard drive or partition. Here are links to articles that describe how to make XP and Vista save all of your data files to a new drive letter:

    http://www.pcworld.com/article/159954/move_your_data_to_a_safer_separate_partition_part_1_xp.html

    http://www.pcworld.com/article/160849/move_your_data_to_a_safer_separate_partition_part_2_vista.html

    What I’ve done is during initial install/setup of windows I repartition my HD. The default HD partition tool in Vista is adequate to resize C: partition and create new “Data” partition. There are also several freeware tools you can use.

    http://www.pcworld.com/article/154352/whats_the_safest_way_to_resize_a_partition.html – this article mentions and links to several freeware partition tools

    Fourth. There is another technique I’ve read about have not tried, Slipstreaming. In this technique you create new install disks that merge the basic installation and subsequent Service Packs. Here are links to articles documenting how to do it for XP and Vista:

    http://www.pcworld.com/article/136168/slipstreaming_service_pack_2_on_an_old_windows_xp_cd.html

    http://www.labnol.org/software/tutorials/slipstream-vista-sp1-bootable-windows-vista-dvd-integrated/2750/

    Reply
  11. Firstly, lets address the anti-virus and malware issue. It shouldn’t matter whether your machine has been inactive for 6 months [ or a complete reinstall has occurred from a 6 month old image] The program is valid and all you have to do is fetch the latest files from the program to bring the lists up to date.
    Secondly, I know everyone has their own method of backup but I can only tell what HAS worked for me [after I got infected and did a complete reinstal ]. I used Karens free ‘replicator’ to replicate every file into another directory on another disk of my choosing. Granted, some program files could not be replicated as they are being used but since I did a complete reinstall with the original disks, this was not an issue. After reinstalling the system [ windows XP] I simply used the replicator. The replicator will not wipe any installed files but simply adds the ones that are missing. [ rename the registry BAK before copying back and all old registry entries are back with the copied file :) ]. The program is lightning fast [ and I MEAN fast ]. After copy back [ 22 minutes ] I had the system back like nothing ever happened.
    Then again, that’s just me. Different strokes.

    Reply
  12. I Know very little about some of this stuff but I use Easeus partition manager (Free )And make a clone of my hard drive. When something goes wrong, I just exchange the hard drive, Update all antivirus and spyware . Put the removed hard drive in a USB case and save anything I need, to A flash drive. Then I delete the partition with EASEUS and Clone the new drive back to that one. Then I check the data I’ve saved on the flash drive for virus or spyware before moving it back to both of the hard drives.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.